CVE-2024-20361

CWE-2644 documents4 sources

Severity

5.8MEDIUM

EPSS

0.1%

top 65.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Firepower Management Center Cisco Cisco Firepower Threat Defense Software Cisco Secure Firewall Management Center

Timeline

PublishedMay 22

Description

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is reboote…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5cisco/cisco_firepower_threat_defense_softwareN/A

▶CVEListV5cisco/cisco_firepower_management_center12 versions+11

▶NVDcisco/secure_firewall_management_center12 versions+11

🔴Vulnerability Details

GHSA

GHSA-x2q5-6p7x-mg68: A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauth↗2024-05-22

▶

CVEList

CVE-2024-20361: A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauth↗2024-05-22

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability↗2024-05-22

▶