CVE-2023-20155

Name of the Vulnerable Software and Affected Versions Cisco Firepower Management Center (FMC) Software (affected versions not specified)

Description The issue is related to a lack of rate-limiting of requests sent to a specific API related to an FMC log, which could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. An attacker with valid user credentials, but not Administrator privileges, could also view a system log file that they would not normally have access to. The vulnerability can be exploited by sending a high rate of HTTP requests to the API, potentially causing a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.