CVE-2024-20275 — OS Command Injection in Cisco Firepower Management Center

CWE-78 — OS Command Injection4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 63.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Management Center Cisco Secure Firewall Management Center

Timeline

PublishedOct 23

Description

A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient validation of user data that is supplied through the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A succ…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:NExploitability: 0.9 | Impact: 5.2

Affected Packages2 packages

▶NVDcisco/secure_firewall_management_center22 versions+21

▶CVEListV5cisco/cisco_firepower_management_center22 versions+21

🔴Vulnerability Details

GHSA

GHSA-jgqf-4rxm-w86h: A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software↗2024-10-23

▶

CVEList

Cisco Secure Firewall Management Center Software Backup Cluster Command Injection Vulnerability↗2024-10-23

▶

📋Vendor Advisories

Cisco

Cisco Secure Firewall Management Center Software Cluster Backup Command Injection Vulnerability↗2024-10-23

▶