CVE-2023-20114

Name of the Vulnerable Software and Affected Versions Cisco Firepower Management Center (FMC) Software (affected versions not specified)

Description The issue is related to insufficient input validation in the file download feature of Cisco Firepower Management Center (FMC) Software. This could allow a remote attacker to download arbitrary files from an affected system by sending a crafted HTTPS request to the /api endpoint, specifically exploiting the lack of input sanitation.

Recommendations As a temporary workaround, consider restricting access to the file download feature until a patch is available. Avoid using the file download feature in the affected Cisco Firepower Management Center (FMC) Software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.