Cisco Secure Firewall Management Center Software Vulnerability Allows Arbitrary Code Execution
CVE-2024-20374

7.2HIGH

Key Information:

Vendor: Cisco
Status: Cisco Firepower Management Center
Vendor: CVE Published:; 23 October 2024

Badges

👾 Exploit Exists

What is CVE-2024-20374?

A vulnerability exists in the web management interface of Cisco Secure Firewall Management Center Software, allowing an authenticated remote attacker with Administrator-level privileges to execute arbitrary commands on the operating system. This issue stems from inadequate input validation of specific HTTP request parameters. An attacker could exploit this vulnerability by authenticating and sending a specially crafted HTTP request, potentially gaining access to execute commands as the root user on the device. Proper input validation measures and authentication safeguards are crucial to mitigate this risk.

Affected Version(s)

Cisco Firepower Management Center 6.7.0

Cisco Firepower Management Center 6.7.0.1

Cisco Firepower Management Center 6.7.0.2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Oct 24, 2024
Vulnerability published
Oct 23, 2024