CVE-2023-20041
Summary
Multiple vulnerabilities exist in the web-based management interface of Cisco Firepower Management Center (FMC) Software. These flaws could permit an unauthenticated, remote attacker to execute stored cross-site scripting (XSS) attacks against users of the interface. A successful exploit could lead to arbitrary script execution in the user's browser context or access to sensitive information, with potential for temporary availability impact on the FMC Dashboard.
IFF Assessment
This vulnerability allows an unauthenticated remote attacker to execute arbitrary script in the browser context of a user of the FMC web interface, posing a direct threat to defenders.
Severity
Defender Context
This vulnerability allows for stored XSS attacks, meaning attackers can inject malicious scripts that are then served to other users of the FMC interface. Defenders should prioritize patching or mitigating this vulnerability to prevent unauthorized code execution and potential data exfiltration through compromised user sessions.