Cisco Secure Firewall Management Center Software Vulnerability Allows Arbitrary Code Execution
CVE-2024-20374

7.2HIGH

Key Information:

Vendor

Cisco

Vendor
CVE Published:
23 October 2024

Badges

👾 Exploit Exists

What is CVE-2024-20374?

A vulnerability exists in the web management interface of Cisco Secure Firewall Management Center Software, allowing an authenticated remote attacker with Administrator-level privileges to execute arbitrary commands on the operating system. This issue stems from inadequate input validation of specific HTTP request parameters. An attacker could exploit this vulnerability by authenticating and sending a specially crafted HTTP request, potentially gaining access to execute commands as the root user on the device. Proper input validation measures and authentication safeguards are crucial to mitigate this risk.

Affected Version(s)

Cisco Firepower Management Center 6.7.0

Cisco Firepower Management Center 6.7.0.1

Cisco Firepower Management Center 6.7.0.2

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

.