Cisco Secure Firewall Management Center Software Vulnerability Allows Arbitrary Code Execution
CVE-2024-20374
7.2HIGH
What is CVE-2024-20374?
A vulnerability exists in the web management interface of Cisco Secure Firewall Management Center Software, allowing an authenticated remote attacker with Administrator-level privileges to execute arbitrary commands on the operating system. This issue stems from inadequate input validation of specific HTTP request parameters. An attacker could exploit this vulnerability by authenticating and sending a specially crafted HTTP request, potentially gaining access to execute commands as the root user on the device. Proper input validation measures and authentication safeguards are crucial to mitigate this risk.
Affected Version(s)
Cisco Firepower Management Center 6.7.0
Cisco Firepower Management Center 6.7.0.1
Cisco Firepower Management Center 6.7.0.2