CVE-2023-20048: Critical Bug Discovered in Cisco Firepower Management Center

On November 1, 2023, Cisco released a security advisory warning of a critical vulnerability in its Firepower Management Center (FMC) Software. The vulnerability, CVE-2023-20048, has a CVSS score of 9.9, which puts it near the top of the CVSS scale, among the most severe ratings a vulnerability can receive.

CVE-2023-20048 doesn’t merely scratch the surface of Cisco’s Firepower Management Center (FMC) Software; it bores deep into its core functionality, threatening the very integrity of network defenses. The FMC is the brains behind Cisco’s Firepower Threat Defense (FTD), orchestrating security measures and shielding networks from threats. The vulnerability lays bare an oversight in the web services interface of this software: a user who is authenticated, yet not necessarily authorized, can use it to commandeer the system.

CVE-2023-20048 is a command injection vulnerability in the web services interface of Cisco FMC Software. An attacker could exploit it to execute arbitrary commands on the underlying operating system of the FMC device. This could give the attacker complete control over the FMC device, and could also allow the attacker to gain access to the Firepower Threat Defense (FTD) devices that the FMC device manages.

To exploit the vulnerability, an attacker would need to have valid credentials for the FMC web services interface. Once the attacker has authenticated, they could send a crafted HTTP request to the FMC device that would allow them to execute arbitrary commands.

The impact of this vulnerability is very severe. A successful exploit could allow an attacker to compromise the FMC device and gain access to the FTD devices it manages. The attacker could then disrupt or disable those FTD devices, or steal sensitive data that they process.

Cisco has acted with due diligence, fortifying the digital battlements by issuing software updates to patch the exposed vulnerability. The silver lining is that there have been no reports of malevolent use or public announcements of this security flaw.

Cisco has released software updates that address this vulnerability, and there are no workarounds. If you use Cisco FMC Software, it is important to update to the latest version as soon as possible.