cbcvebase.
CVE-2024-20274
published 2024-10-23

CVE-2024-20274: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software…

medium5.5CVSS 3.1
AVNACLPRHUINSCCLILAN
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, access arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To successfully exploit this vulnerability, an attacker would need valid credentials for a user account with policy-editing permissions, such as Network Admin, Intrusion Admin, or any custom user role with the same capabilities.

Affected

173 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center
ciscocisco_firepower_management_center