PT-2023-7570 · Cisco · Cisco Firepower Management Center

Kentaro Kawane · Published 2023-11-01 · Updated 2024-11-26 · CVE-2023-20219

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software (affected versions not specified)

Description: The issue is due to insufficient validation of user-supplied input for certain configuration options in the web management interface. An authenticated, remote attacker could exploit this by supplying crafted input within the device configuration GUI, allowing them to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the device's availability. The attacker would need valid device credentials but does not require administrator privileges to exploit this issue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-08626
CVE-2023-20219

Affected Products

Cisco Firepower Management Center