How severe is CVE-2023-20234?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2023-20234?

This is classified as CWE-73, which is a common weakness in software security.

CVE-2023-20234 - MEDIUM Severity | CVSS 6

Vulnerability Description

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.

Related Vulnerabilities

CVE-2021-34761

MEDIUM

CVSS:6.0(Medium)

A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The att...

CWE-732021

CVE-2020-8553

MEDIUM

CVSS:5.9(Medium)

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingr...

CWE-732020

CVE-2025-1056

MEDIUM

CVSS:6.1(Medium)

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or...

CWE-732025

CVE-2025-32802

MEDIUM

CVSS:6.1(Medium)

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured b...

CWE-732025

CVE-2025-4602

MEDIUM

CVSS:5.9(Medium)

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible f...

CWE-732025

CVE-2025-29819

MEDIUM

CVSS:6.2(Medium)

External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.

CWE-732025