- 320/2023
- Critical
Cisco has released a security update to fix two vulnerabilities across multiple products.
The addressed vulnerabilities could allow the remote attacker to bypass security restrictions or execute arbitrary code to manipulate file upload parameters and enable path traversal, this can lead to uploading a malicious file used to perform a remote code execution attack on the affected system.
The addressed vulnerabilities:
1. Apache Struts Code Execution Vulnerability Affecting Cisco Products (CVE- 2023-50164):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Cisco ASA and FTD Software Security Bypass Vulnerability (CVE-2023-20275):
- CVSS: 4.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Bypass Security
Affected Products:
- Apache Struts.
- Cisco Firepower Threat Defense (FTD).
- Cisco Adaptive Security Appliance (ASA).
Vulnerabilities
- CVE-2023-50164
- CVE-2023-20275
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.