CVE-2023-20015

MEDIUM

Cisco Firepower < - Command Injection

Description

A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges.

Scores

CVSS v3 6.0
EPSS 0.0011
EPSS Percentile 29.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (12)
cisco/firepower_extensible_operating_system
cisco/ucs_6200_firmware
cisco/ucs_6248up_firmware
cisco/ucs_6296up_firmware
cisco/ucs_6300_firmware
cisco/ucs_6324_firmware
cisco/ucs_6332-16up_firmware
cisco/ucs_6332_firmware
cisco/ucs_64108_firmware
cisco/ucs_6454_firmware
... and 2 more
Published Feb 23, 2023
Tracked Since Feb 18, 2026