[Japanese]
|
JVNDB-2023-000114
|
Multiple vulnerabilities in Cisco Firepower Management Center Software
|
Cisco Firepower Management Center Software provided by Cisco Systems contains multiple vulnerabilities listed below.
- OS command injection (CWE-78) - CVE-2023-20219
- Path traversal (CWE-22) - CVE-2023-20220
Kentaro Kawane of LAC Co., Ltd. reported these vulnerabilitis to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 7.2 (High) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity: Base Metrics 7.1 (High) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: Single Instance
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2023-20220
|
CVSS V3 Severity:
Base Metrics
6.6 (Medium) [IPA Score]
-
Attack Vector: Network
-
Attack Complexity: High
-
Privileges Required: High
-
User Interaction: None
-
Scope: Unchanged
-
Confidentiality Impact: High
-
Integrity Impact: High
-
Availability Impact: High
CVSS V2 Severity:Base Metrics
7.1 (High)
[IPA Score]
-
Access Vector: Network
-
Access Complexity: High
-
Authentication: Single
-
Confidentiality Impact: Complete
-
Integrity Impact: Complete
-
Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2023-20219
|
|
Cisco Systems, Inc.
- Cisco Firepower Management Center Software version 6.7.0 to 7.3.1.1(CVE-2023-20219)
- Cisco Firepower Management Center Software version 6.2.3 to 7.3.1.1(CVE-2023-20220)
|
|
A user who can log in to the product may execute an arbitrary command - CVE-2023-20219, CVE-2023-20220
|
[Update the Software]
Update the software to the latest version according to the information provided by the developer.
|
Cisco Systems, Inc.
|
- Path Traversal(CWE-22) [IPA Evaluation]
- OS Command Injection(CWE-78) [IPA Evaluation]
|
- CVE-2023-20219
- CVE-2023-20220
|
- JVN : JVN#17806703
- National Vulnerability Database (NVD) : CVE-2023-20219
- National Vulnerability Database (NVD) : CVE-2023-20220
|
- [2023/11/13]
Web page was published
- [2023/11/16]
CVSS Severity was modified
- [2024/05/07]
References : Contents were added
|