Cisco has released software updates to address a command injection vulnerability in the Firepower Management Center (FMC). Tracked as CVE-2023-20048, the vulnerability has been given a critical severity rating with a CVSS base score of 9.9. Successful exploitation of the vulnerability may allow an attacker to execute specific unauthorized configuration commands on a Firepower Threat Defense (FTD) device managed by the FMC Software.
Cisco Secure Firewall Management Centre (FMC) is an administrative hub for Cisco Network Security Solutions. It offers comprehensive and centralized control over advanced malware protection, firewalls, application control, intrusion prevention, and URL filtering.
Vulnerability Description
The vulnerability arises due to the inadequate authorization of configuration commands received via the web service interface. An attacker could exploit this vulnerability by authenticating the FMC web services interface and submitting a constructed HTTP request. An attacker may run specific configuration commands on the target FTD device on successful exploitation. The FMC Software’s legitimate credentials are a prerequisite for an attacker to exploit this vulnerability successfully.
Affected Versions
- From 6.2.3 prior to 6.4.0.17
- From 6.5.0 prior to 7.0.6
- From 7.1.0 prior to 7.2.4
Mitigation
Cisco has released free software updates to address the vulnerability. Customers can refer to the Cisco Security Advisory (cisco-sa-fmc-cmd-inj-29MP49hN) for information about the vulnerability.
Qualys Detection
Qualys customers can scan their devices with QID 317378 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References