CVE-2024-20374

CWE-269Improper Privilege Management4 documents4 sources
Severity
7.2HIGH
EPSS
0.1%
top 75.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Firepower Management CenterCisco Secure Firewall Management Center
Timeline
PublishedOct 23

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5cisco/cisco_firepower_management_center42 versions+41

🔴Vulnerability Details

2
CVEList
CVE-2024-20374: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center2024-10-23
GHSA
GHSA-vv26-9jw2-p445: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center2024-10-23

📋Vendor Advisories

1
Cisco
Cisco Secure Firewall Management Center Software Command Injection Vulnerability2024-10-23