CVE-2024-20275

CVSS V2 None CVSS V3 None

Description

A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient validation of user data that is supplied through the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary operating system commands on the affected device. To exploit this vulnerability, an attacker would need valid credentials for a user account with at least the role of Network Administrator. In addition, the attacker would need to persuade a legitimate user to initiate a cluster backup on the affected device.

Overview

CVE ID
CVE-2024-20275

Assigner
cisco

Vulnerability Status
PUBLISHED

Published Version
2024-10-23T17:07:44.671Z

Last Modified Date
2024-10-23T19:49:28.407Z

Weakness Enumerations

CWE	URL
CWE-78	http://cwe.mitre.org/data/definitions/78.html

References

Reference URL	Reference Tags
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-g8AOKnDP
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO
https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-20275
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20275

History

Created	Old Value	New Value	Data Type	Notes
2024-10-24 13:23:20				Added to TrackCVE