CVE-2023-20063: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

A vulnerability (CVE-2023-20063) was discovered in the inter-device communication mechanisms between Cisco Firepower Threat Defense (FTD) Software and Cisco Firepower Management Center (FMC) Software. This high-severity vulnerability, with a CVSS base score of 8.2, was first published on November 1, 2023. The vulnerability affects multiple versions of Cisco FTD and FMC Software that are configured to allow administrators to use expert mode, which is accessible by default to any administrator (Cisco Advisory).

The vulnerability stems from insufficient validation of user-supplied input in the inter-device communication mechanisms. It has been assigned a CVSS score of 8.2 (High) with the following vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. This indicates a local attack vector, low attack complexity, high privileges required, no user interaction needed, and changed scope with high impact on confidentiality, integrity, and availability (NVD).

A successful exploitation of this vulnerability allows an attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device. Specifically, an attacker can execute arbitrary code in the context of an FMC device if they have administrative privileges on an associated FTD device, or vice versa (Cisco Advisory).

Cisco has released software updates that address this vulnerability. There are no workarounds available. Customers with service contracts can obtain security fixes through their usual update channels. Those without service contracts should contact the Cisco Technical Assistance Center (TAC) for assistance (Cisco Advisory).