Vulnerabilities

CVE-2023-20048 - Cisco Firepower Management Center Software Command Injection Vulnerability

Cisco has released software updates to address 27 vulnerabilities in Cisco ASA, FMC, and FTD software.

Summary

A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface.

The vulnerability sits in core functionality of Cisco’s FMC Software and poses a significant threat to network defenses, because the FMC is the central management system for Cisco’s Firepower Threat Defense (FTD) devices, responsible for orchestrating security measures and protecting networks from threats. The flaw in the FMC web services interface gives authenticated users a potential entry point to seize control of the system.

To exploit this vulnerability, an attacker would need valid credentials for the FMC web services interface. Once authenticated, they could send a specially crafted HTTP request to the FMC device, enabling them to execute arbitrary commands.
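To make the root cause concrete, the following is an added illustration of the bug class the summary describes: a management web service that authenticates the caller but never authorizes the specific configuration command before forwarding it to a managed device. This is not Cisco's code and is not derived from the advisory; the manager, roles, command names, the device id "ftd-1", the domain model and the password check are all constructed for the example. The vulnerable dispatcher is shown beside a hardened one that checks the command against the caller's role and the device's domain.

```python
"""Illustration of the bug class behind CVE-2023-20048: an authenticated web
service that forwards configuration commands to managed devices but never
checks whether the caller is authorized to run that command. Every name below
is constructed for this example; nothing here is Cisco FMC code."""
from dataclasses import dataclass, field

# Privilege levels, least to most capable (constructed for this example).
READ_ONLY = "read-only"
DEVICE_ADMIN = "device-admin"

# Which roles may forward each command to a managed device (constructed policy).
COMMAND_POLICY = {
    "show-running-config": {READ_ONLY, DEVICE_ADMIN},
    "set-access-rule": {DEVICE_ADMIN},
    "set-interface": {DEVICE_ADMIN},
}


@dataclass
class User:
    name: str
    role: str
    domains: set = field(default_factory=set)  # domains this user may manage


@dataclass
class ManagedDevice:
    device_id: str
    domain: str
    executed: list = field(default_factory=list)  # commands actually run


class Manager:
    """Stand-in for a central management web service (hypothetical)."""

    def __init__(self, users, devices):
        self.users = {u.name: u for u in users}
        self.devices = {d.device_id: d for d in devices}

    def _authenticate(self, username, password):
        # Constructed credential check: any known user with the password "pw".
        user = self.users.get(username)
        if user is None or password != "pw":
            raise PermissionError("authentication failed")
        return user

    def dispatch_vulnerable(self, username, password, device_id, command):
        """Vulnerable pattern: authentication only. Any logged-in user can push
        any configuration command to any managed device."""
        self._authenticate(username, password)
        device = self.devices[device_id]
        device.executed.append(command)
        return "executed"

    def dispatch_hardened(self, username, password, device_id, command):
        """Hardened pattern: authenticate, then authorize the specific command
        against the caller's role and the device's domain before forwarding."""
        user = self._authenticate(username, password)
        device = self.devices.get(device_id)
        if device is None:
            raise KeyError(f"unknown device {device_id}")
        allowed_roles = COMMAND_POLICY.get(command)
        if allowed_roles is None:
            raise PermissionError(f"unknown command {command!r} rejected")
        if user.role not in allowed_roles:
            raise PermissionError(
                f"{user.name} ({user.role}) is not authorized for {command}")
        if device.domain not in user.domains:
            raise PermissionError(
                f"{user.name} may not manage devices in domain {device.domain}")
        device.executed.append(command)
        return "executed"


def build_demo_manager():
    """Constructed sample data: one read-only analyst, one admin, one device."""
    return Manager(
        users=[User("analyst", READ_ONLY, {"hq"}),
               User("admin", DEVICE_ADMIN, {"hq"})],
        devices=[ManagedDevice("ftd-1", "hq")],
    )


def demo():
    """Return (vulnerable_result, hardened_denied) for a read-only user
    attempting a configuration change on the managed device."""
    mgr = build_demo_manager()
    vulnerable = mgr.dispatch_vulnerable("analyst", "pw", "ftd-1", "set-interface")
    try:
        mgr.dispatch_hardened("analyst", "pw", "ftd-1", "set-interface")
        hardened_denied = False
    except PermissionError:
        hardened_denied = True
    return vulnerable, hardened_denied


if __name__ == "__main__":
    print(demo())  # ('executed', True)
```

The point of the hardened version is that authentication answers "who is this?" while authorization answers "may this user run this command on this device?"; a management plane that stops at the first question lets any low-privilege account change configuration on every device it manages, which is the pattern the advisory describes.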

In response to the discovery of this vulnerability, Cisco has issued software updates to rectify the flaw. Fortunately, there have been no reported instances of malicious use or public disclosures of this security vulnerability.

Users of Cisco FMC Software are urged to update to the latest version as soon as possible. Cisco has released software updates that address this vulnerability, and currently, there are no workarounds to mitigate this vulnerability.

CVE-2023-20048 - Cisco Firepower Management Center Software Command Injection Vulnerability

CVSSv3: 9.9

Affected Products/Versions

This vulnerability affects Cisco products if they are running a vulnerable release of Cisco FMC Software.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

  • Adaptive Security Appliance (ASA) Software
  • FTD Software (1,2)
  • Next-Generation Intrusion Prevention System (NGIPS) Software

  1. Although the commands that are involved in an exploitation of this vulnerability are run on the FTD device, the vulnerability exists in the FMC web services interface.
  2. Standalone FTD devices managed by Cisco Firepower Device Manager (FDM) are not affected by this vulnerability.

Mitigations

Apply latest patches

Additional Resources

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN

https://nvd.nist.gov/vuln/detail/CVE-2023-20048