- 282/2023
- Critical
Cisco has released security updates to fix several vulnerabilities across multiple products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, conduct cross-site scripting or perform denial of service attacks, execute arbitrary commands, and gain access to the affected system by sending a specially crafted HTTP request.
Sample of the addressed vulnerabilities:
1. Cisco Firepower Management Center Software Command Execution (CVE- 2023-20048):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Cisco Firepower Threat Defense Denial of Service (CVE-2023-20083):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.