CVE-2024-20274Improper Input Validation in Cisco Firepower Management Center

CWE-20Improper Input ValidationCWE-79Cross-site Scripting4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 55.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Firepower Management CenterCisco Secure Firewall Management Center
Timeline
PublishedOct 23

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contai

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5cisco/cisco_firepower_management_center86 versions+85

🔴Vulnerability Details

2
CVEList
Cisco Secure Firewall Management Center HTML Injection Vulnerability2024-10-23
GHSA
GHSA-4jwf-2c3g-hqmj: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center2024-10-23

📋Vendor Advisories

1
Cisco
Cisco Secure Firewall Management Center Software HTML Injection Vulnerability2024-10-23
CVE-2024-20274 — Improper Input Validation in Cisco | cvebase