CVE-2024-20388 — Exposure of Sensitive Information Through Data Queries in Cisco Firepower Management Center
Severity
5.3 MEDIUM (NVD)
EPSS
0.7%
top 27.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 23
Description
A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.
This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced p…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 5 packages
Vulnerability Details (2)
CVEList
CVE-2024-20388: A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to | 2024-10-23
GHSA
GHSA-jwpj-m256-82wg: A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to | 2024-10-23
Vendor Advisories (1)
Cisco
Cisco Secure Firewall Management Center Software Cross-Site Scripting and Information Disclosure Vulnerabilities | 2024-10-23