CVE-2024-20387

CWE-79 — Cross-site Scripting (XSS)CWE-2024 documents4 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 43.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Firepower Management Center Cisco Firepower Management Center Cisco Secure Firewall Management Center

Timeline

PublishedOct 23

Description

A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDcisco/firepower_management_center14 versions+13

▶CVEListV5cisco/cisco_firepower_management_center38 versions+37

▶NVDcisco/secure_firewall_management_center24 versions+23

🔴Vulnerability Details

CVEList

CVE-2024-20387: A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content f↗2024-10-23

▶

GHSA

GHSA-hr33-3275-hjcv: A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content f↗2024-10-23

▶

📋Vendor Advisories

Cisco

Cisco Secure Firewall Management Center Software Cross-Site Scripting and Information Disclosure Vulnerabilities↗2024-10-23

▶