Cisco Firepower Management Center Software Vulnerability: SQL Injection Attacks Possible

CVE-2024-20360
8.8 HIGH

Key Information

Vendor
Cisco
Status
Firepower Management Center
Vendor
CVE Published:
22 May 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based management interface. This vulnerability, tracked as CVE-2024-20360, could allow authenticated, remote attackers to conduct SQL injection attacks on affected systems, potentially leading to unauthorized data access, command execution on the underlying operating system, and privilege escalation to root. Cisco has released software updates to address this critical vulnerability and strongly recommends that all users of affected Cisco FMC Software versions upgrade to the fixed software releases to mitigate the risks associated with this vulnerability.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit exists.

  • First article discovered by Rewterz

  • Vulnerability published.

Collectors

NVD Database
3 News Article(s)