On November 1, 2023, a critical vulnerability was identified in Cisco's Firepower Management Center (FMC) Software, as disclosed in a security advisory from Cisco. The vulnerability, known as CVE-2023-20048, has a CVSS score of 9.9, classifying it as one of the most serious security vulnerabilities to date.
The vulnerability is deeply rooted in the core functionality of Cisco’s FMC Software, posing a significant threat to network defenses. The FMC is the central control system for Cisco’s Firepower Threat Defense (FTD), responsible for orchestrating security measures and protecting networks from threats. The discovered vulnerability exposes a flaw in the web services interface of the FMC software, providing a potential entry point for authenticated users to seize control of the system.
The vulnerability, CVE-2023-20048, is a command injection vulnerability in the web services interface of the Cisco FMC Software. An attacker could potentially exploit this vulnerability to execute arbitrary commands on the underlying operating system of the FMC device, gaining full control over the device. This could further allow the attacker to access the FTD devices managed by the FMC.
To exploit this vulnerability, an attacker would need valid credentials for the FMC web services interface. Once authenticated, they could send a specially crafted HTTP request to the FMC device, enabling them to execute arbitrary commands. The implications of this vulnerability are extremely severe. A successful exploit could compromise the FMC device and provide access to the FTD devices managed by it, potentially allowing the attacker to disable the FTD devices or steal sensitive data processed by them.
In response to the discovery of this vulnerability, Cisco has issued software updates to rectify the flaw. Fortunately, there have been no reported instances of malicious use or public disclosures of this security vulnerability. Users of Cisco FMC Software are urged to update to the latest version as soon as possible. Cisco has released software updates that address this vulnerability, and currently, there are no workarounds to mitigate this vulnerability.