CVE-2023-20063

Name of the Vulnerable Software and Affected Versions Cisco Firepower Threat Defense (FTD) Software and Cisco Firepower Management Center (FMC) Software (affected versions not specified)

Description The issue is related to insufficient validation of user-supplied input in the inter-device communication mechanisms between devices running Cisco Firepower Threat Defense (FTD) Software and devices running Cisco Firepower Management (FMC) Software. An authenticated, local attacker could exploit this by accessing the expert mode of an affected device and submitting specific commands to a connected system, potentially allowing the execution of arbitrary commands with root permissions on the underlying operating system of an affected device. A successful exploit could allow the attacker to execute arbitrary code in the context of an FMC device if the attacker has administrative privileges on an associated FTD device, or vice versa.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.