Cisco Firepower Management Center up to 7.3.1.1 HTTP improper authorization

Summaryinfo

A vulnerability identified as critical has been detected in Cisco Firepower Management Center. The affected element is an unknown function of the component HTTP Handler. Performing a manipulation results in improper authorization. This vulnerability is cataloged as CVE-2023-20048. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

Detailsinfo

A vulnerability was found in Cisco Firepower Management Center (Firewall Software). It has been classified as critical. This affects some unknown functionality of the component HTTP Handler. The manipulation with an unknown input leads to a improper authorization vulnerability. CWE is classifying the issue as CWE-285. The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software.

The weakness was shared 11/01/2023 as cisco-sa-fmc-cmd-inj-29MP49hN. It is possible to read the advisory at sec.cloudapps.cisco.com. This vulnerability is uniquely identified as CVE-2023-20048 since 10/27/2022. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 11/29/2023). The attack technique deployed by this issue is T1548.002 according to MITRE ATT&CK.

Upgrading eliminates this vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• Cisco

Name

• Firepower Management Center

Version

• 6.2.3
• 6.2.3.1
• 6.2.3.2
• 6.2.3.3
• 6.2.3.4
• 6.2.3.5
• 6.2.3.6
• 6.2.3.7
• 6.2.3.8
• 6.2.3.9
• 6.2.3.10
• 6.2.3.11
• 6.2.3.12
• 6.2.3.13
• 6.2.3.14
• 6.2.3.15
• 6.2.3.16
• 6.2.3.17
• 6.2.3.18
• 6.4.0
• 6.4.0.1
• 6.4.0.2
• 6.4.0.3
• 6.4.0.4
• 6.4.0.5
• 6.4.0.6
• 6.4.0.7
• 6.4.0.8
• 6.4.0.9
• 6.4.0.10
• 6.4.0.11
• 6.4.0.12
• 6.4.0.13
• 6.4.0.14
• 6.4.0.15
• 6.4.0.16
• 6.6.0
• 6.6.0.1
• 6.6.1
• 6.6.3
• 6.6.4
• 6.6.5
• 6.6.5.1
• 6.6.5.2
• 6.6.7
• 6.6.7.1
• 6.7.0
• 6.7.0.1
• 6.7.0.2
• 6.7.0.3
• 7.0.0
• 7.0.0.1
• 7.0.1
• 7.0.1.1
• 7.0.2
• 7.0.2.1
• 7.0.3
• 7.0.4
• 7.0.5
• 7.1.0
• 7.1.0.1
• 7.1.0.2
• 7.1.0.3
• 7.2.0
• 7.2.0.1
• 7.2.1
• 7.2.2
• 7.2.3
• 7.2.3.1
• 7.3.0
• 7.3.1
• 7.3.1.1

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion