Cisco FMC XSS in web UI stored XSS
CVE-2023-20206 Published on November 1, 2023

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.

NVD

Vulnerability Analysis

CVE-2023-20206 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2023-20206 has been classified to as a XSS vulnerability or weakness.

Products Associated with CVE-2023-20206

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-20206 are published in these products:

Cisco Firepower Management Center

Cisco Secure Firewall Management Center

Affected Versions

Cisco Firepower Management Center:

Version 6.6.0 is affected.
Version 6.6.0.1 is affected.
Version 6.6.1 is affected.
Version 6.6.3 is affected.
Version 6.6.4 is affected.
Version 6.6.5 is affected.
Version 6.6.5.1 is affected.
Version 6.6.5.2 is affected.
Version 6.6.7 is affected.
Version 6.6.7.1 is affected.
Version 6.7.0 is affected.
Version 6.7.0.1 is affected.
Version 6.7.0.2 is affected.
Version 6.7.0.3 is affected.
Version 7.0.0 is affected.
Version 7.0.0.1 is affected.
Version 7.0.1 is affected.
Version 7.0.1.1 is affected.
Version 7.0.2 is affected.
Version 7.0.2.1 is affected.
Version 7.0.3 is affected.
Version 7.0.4 is affected.
Version 7.0.5 is affected.
Version 7.1.0 is affected.
Version 7.1.0.1 is affected.
Version 7.1.0.2 is affected.
Version 7.1.0.3 is affected.
Version 7.2.0 is affected.
Version 7.2.1 is affected.
Version 7.2.2 is affected.
Version 7.2.0.1 is affected.
Version 7.2.3 is affected.
Version 7.2.3.1 is affected.
Version 7.2.4 is affected.
Version 7.3.0 is affected.
Version 7.3.1 is affected.
Version 7.3.1.1 is affected.

Exploit Probability

EPSS

0.09%

Percentile

25.19%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.