CVE-2023-20234 MEDIUM

CVE-2023-20234

Vendor Cisco
Product Cisco Adaptive Security Appliance (ASA) Software
Weakness CWE-73
Published August 23, 2023
Last update August 2, 2024

CVSS base score

4.4/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.

Key dates

02Disclosure timeline

August 23, 2023 CVE published
August 2, 2024 Record updated