What is CVE-2023-20234?

CVE-2023-20234 is a vulnerability in the CLI of Cisco FXOS Software that allows an authenticated, local attacker to create or overwrite files on the affected device.

What is the severity of CVE-2023-20234?

The severity of CVE-2023-20234 is medium with a CVSS score of 6.

How does CVE-2023-20234 occur?

CVE-2023-20234 occurs due to a lack of validation of parameters in a specific CLI command.

Which software is affected by CVE-2023-20234?

Cisco FXOS Software is affected by CVE-2023-20234.

How can I fix CVE-2023-20234?

Cisco has released a security advisory with mitigation details. Please refer to the advisory for instructions on fixing CVE-2023-20234.

Vulnerability/
CVE-2023-20234

medium

CWE

732 73

23/8/2023

2/8/2024

CVE-2023-20234

First published: Wed Aug 23 2023(Updated: )

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Firepower Extensible Operating System
Cisco Firepower 1000
Cisco Firepower 1010
Cisco Firepower 1020
Cisco Firepower 1030
Cisco Firepower 1040
Cisco Firepower 2100
Cisco Firepower 2110
Cisco Firepower 2120
Cisco Firepower 2130
Cisco Firepower 2140
Cisco Firepower 4100
Cisco Firepower 4110
Cisco Firepower 4110 Next-generation Firewall
Cisco Firepower 4112
Cisco Firepower 4115
Cisco Firepower 4120
Cisco Firepower 4120 Next-generation Firewall
Cisco Firepower 4125
Cisco Firepower 4140
Cisco Firepower 4140 Next-generation Firewall
Cisco Firepower 4145
Cisco Firepower 4150
Cisco Firepower 4150 Next-generation Firewall
Cisco Firepower 9300
Cisco Firepower 9300 Security Appliance
Cisco Firepower 9300 Sm-24
Cisco Firepower 9300 Sm-36
Cisco Firepower 9300 Sm-40
Cisco Firepower 9300 Sm-44
Cisco Firepower 9300 Sm-44 X 3
Cisco Firepower 9300 Sm-48
Cisco Firepower 9300 Sm-56
Cisco Firepower 9300 Sm-56 X 3
Cisco Firepower 9300 With 1 Sm-24 Module
Cisco Firepower 9300 With 1 Sm-36 Module
Cisco Firepower 9300 With 1 Sm-44 Module
Cisco Firepower 9300 With 3 Sm-44 Module
Cisco Secure Firewall 3105
Cisco Secure Firewall 3110
Cisco Secure Firewall 3120
Cisco Secure Firewall 3130
Cisco Secure Firewall 3140
All of
Cisco Firepower Extensible Operating System
Any of
Cisco Firepower 1000
Cisco Firepower 1010
Cisco Firepower 1020
Cisco Firepower 1030
Cisco Firepower 1040
Cisco Firepower 2100
Cisco Firepower 2110
Cisco Firepower 2120
Cisco Firepower 2130
Cisco Firepower 2140
Cisco Firepower 4100
Cisco Firepower 4110
Cisco Firepower 4110 Next-generation Firewall
Cisco Firepower 4112
Cisco Firepower 4115
Cisco Firepower 4120
Cisco Firepower 4120 Next-generation Firewall
Cisco Firepower 4125
Cisco Firepower 4140
Cisco Firepower 4140 Next-generation Firewall
Cisco Firepower 4145
Cisco Firepower 4150
Cisco Firepower 4150 Next-generation Firewall
Cisco Firepower 9300
Cisco Firepower 9300 Security Appliance
Cisco Firepower 9300 Sm-24
Cisco Firepower 9300 Sm-36
Cisco Firepower 9300 Sm-40
Cisco Firepower 9300 Sm-44
Cisco Firepower 9300 Sm-44 X 3
Cisco Firepower 9300 Sm-48
Cisco Firepower 9300 Sm-56
Cisco Firepower 9300 Sm-56 X 3
Cisco Firepower 9300 With 1 Sm-24 Module
Cisco Firepower 9300 With 1 Sm-36 Module
Cisco Firepower 9300 With 1 Sm-44 Module
Cisco Firepower 9300 With 3 Sm-44 Module
Cisco Secure Firewall 3105
Cisco Secure Firewall 3110
Cisco Secure Firewall 3120
Cisco Secure Firewall 3130
Cisco Secure Firewall 3140

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-arbitrary-file-BLk6YupL

Frequently Asked Questions

What is CVE-2023-20234?
CVE-2023-20234 is a vulnerability in the CLI of Cisco FXOS Software that allows an authenticated, local attacker to create or overwrite files on the affected device.
What is the severity of CVE-2023-20234?
The severity of CVE-2023-20234 is medium with a CVSS score of 6.
How does CVE-2023-20234 occur?
CVE-2023-20234 occurs due to a lack of validation of parameters in a specific CLI command.
Which software is affected by CVE-2023-20234?
Cisco FXOS Software is affected by CVE-2023-20234.
How can I fix CVE-2023-20234?
Cisco has released a security advisory with mitigation details. Please refer to the advisory for instructions on fixing CVE-2023-20234.

collector/nvd-index
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/references
agent/weakness
agent/tags
agent/description
agent/first-publish-date
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/cisco
canonical/cisco firepower extensible operating system
canonical/cisco firepower 1000
canonical/cisco firepower 1010
canonical/cisco firepower 1020
canonical/cisco firepower 1030
canonical/cisco firepower 1040
canonical/cisco firepower 2100
canonical/cisco firepower 2110
canonical/cisco firepower 2120
canonical/cisco firepower 2130
canonical/cisco firepower 2140
canonical/cisco firepower 4100
canonical/cisco firepower 4110
canonical/cisco firepower 4110 next-generation firewall
canonical/cisco firepower 4112
canonical/cisco firepower 4115
canonical/cisco firepower 4120
canonical/cisco firepower 4120 next-generation firewall
canonical/cisco firepower 4125
canonical/cisco firepower 4140
canonical/cisco firepower 4140 next-generation firewall
canonical/cisco firepower 4145
canonical/cisco firepower 4150
canonical/cisco firepower 4150 next-generation firewall
canonical/cisco firepower 9300
canonical/cisco firepower 9300 security appliance
canonical/cisco firepower 9300 sm-24
canonical/cisco firepower 9300 sm-36
canonical/cisco firepower 9300 sm-40
canonical/cisco firepower 9300 sm-44
canonical/cisco firepower 9300 sm-44 x 3
canonical/cisco firepower 9300 sm-48
canonical/cisco firepower 9300 sm-56
canonical/cisco firepower 9300 sm-56 x 3
canonical/cisco firepower 9300 with 1 sm-24 module
canonical/cisco firepower 9300 with 1 sm-36 module
canonical/cisco firepower 9300 with 1 sm-44 module
canonical/cisco firepower 9300 with 3 sm-44 module
canonical/cisco secure firewall 3105
canonical/cisco secure firewall 3110
canonical/cisco secure firewall 3120
canonical/cisco secure firewall 3130
canonical/cisco secure firewall 3140