CVE-2024-20424

CWE-78OS Command Injection4 documents4 sources
Severity
9.9CRITICAL
EPSS
1.4%
top 19.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Firepower Management CenterCisco Secure Firewall Management Center
Timeline
PublishedOct 23

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sen

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

CVEListV5cisco/cisco_firepower_management_center92 versions+91

🔴Vulnerability Details

2
GHSA
GHSA-9688-r3h2-vvjq: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center2024-10-23
CVEList
CVE-2024-20424: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center2024-10-23

📋Vendor Advisories

1
Cisco
Cisco Secure Firewall Management Center Software Command Injection Vulnerability2024-10-23
CVE-2024-20424 (CRITICAL CVSS 9.9) | A vulnerability in the web-based ma | cvebase.io