CVE-2024-20379

CWE-36CWE-22Path Traversal4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 53.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Cisco Firepower Management CenterCisco Firepower Management CenterCisco Secure Firewall Management Center
Timeline
PublishedOct 23

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDcisco/firepower_management_center7.4.0, 7.4.1, 7.4.1.1+2

🔴Vulnerability Details

2
CVEList
CVE-2024-20379: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center2024-10-23
GHSA
GHSA-pj9f-9jr9-4wm7: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center2024-10-23

📋Vendor Advisories

1
Cisco
Cisco Secure Firewall Management Center Software Arbitrary File Read Vulnerability2024-10-23
CVE-2024-20379 (MEDIUM CVSS 6.5) | A vulnerability in the web-based ma | cvebase.io