VDB
CVE-2023-20114
CVE-2023-20114
PUBLISHED
Es besteht eine Schwachstelle in Cisco Firepower. Dieser Fehler besteht in der Funktion zum Herunterladen von Dateien aufgrund einer fehlenden Eingabesanierung, die es ermöglicht, beliebige Dateien von einem betroffenen System herunterzuladen. Durch das Senden einer manipulierten HTTPS-Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.
EPSS 0.16% · 37.2th percentile
Risk Scores
EPSS Score
0.16%
37.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Firepower Management Center |
Exploit Intelligence
Timeline
- Nov 1, 2023 CVE Published
- Nov 2, 2023 EPSS Score
- Dec 3, 2023 EPSS Score
- Jan 2, 2024 EPSS Score
- Feb 2, 2024 EPSS Score
- Mar 4, 2024 EPSS Score
- Apr 3, 2024 EPSS Score
- May 4, 2024 EPSS Score
- Jun 4, 2024 EPSS Score
- Jul 5, 2024 EPSS Score
- Aug 4, 2024 EPSS Score
- Sep 4, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2811.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2811 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-sK2gkfvJ advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-logview-dos-AYJdeX55 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-download-7js4ug2J advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN advisory