Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-3267
Vulnerability from csaf_certbund
Published
2024-10-23 22:00
Modified
2024-10-23 22:00
Summary
Cisco Secure Firewall Management Center: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Cisco Secure Firewall Management Center ist eine zentralisierte Plattform, die eine Verwaltung und Überwachung von Cisco Firewall-Geräten ermöglicht.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Cisco Secure Firewall Management Center ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, Daten zu manipulieren und erhöhte Rechte zu erlangen.
Betroffene Betriebssysteme
- CISCO Appliance
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Das Cisco Secure Firewall Management Center ist eine zentralisierte Plattform, die eine Verwaltung und Überwachung von Cisco Firewall-Geräten ermöglicht.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Cisco Secure Firewall Management Center ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, vertrauliche Informationen preiszugeben, beliebigen Code auszuführen, Daten zu manipulieren und erhöhte Rechte zu erlangen.", title: "Angriff", }, { category: "general", text: "- CISCO Appliance", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3267 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3267.json", }, { category: "self", summary: "WID-SEC-2024-3267 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3267", }, { category: "external", summary: "Cisco Security Advisory vom 2024-10-23", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer", }, { category: "external", summary: "Cisco Security Advisory vom 2024-10-23", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-2HBkA97G", }, { category: "external", summary: "Cisco Security Advisory vom 2024-10-23", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-g8AOKnDP", }, { category: "external", summary: "Cisco Security Advisory vom 2024-10-23", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7", }, { category: "external", summary: "Cisco Security Advisory vom 2024-10-23", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn", }, { category: "external", summary: "Cisco Security Advisory vom 2024-10-23", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-nfJeYHxz", }, { category: "external", summary: "Cisco Security Advisory vom 2024-10-23", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-priv-esc-CMQ4S6m7", }, { category: "external", summary: "Cisco Security Advisory vom 2024-10-23", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inject-2EnmTC8v", }, { category: "external", summary: "Cisco Security Advisory vom 2024-10-23", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inj-LOYAFcfq", }, { category: "external", summary: "Cisco Security Advisory vom 2024-10-23", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, ], source_lang: "en-US", title: "Cisco Secure Firewall Management Center: Mehrere Schwachstellen", tracking: { current_release_date: "2024-10-23T22:00:00.000+00:00", generator: { date: "2024-10-24T11:11:14.292+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3267", initial_release_date: "2024-10-23T22:00:00.000+00:00", revision_history: [ { date: "2024-10-23T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Cisco Secure Firewall Management Center", product: { name: "Cisco Secure Firewall Management Center", product_id: "T038565", product_identification_helper: { cpe: "cpe:/a:cisco:secure_firewall_management_center:-", }, }, }, ], category: "vendor", name: "Cisco", }, ], }, vulnerabilities: [ { cve: "CVE-2024-20264", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20264", }, { cve: "CVE-2024-20269", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20269", }, { cve: "CVE-2024-20273", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20273", }, { cve: "CVE-2024-20298", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20298", }, { cve: "CVE-2024-20300", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20300", }, { cve: "CVE-2024-20364", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20364", }, { cve: "CVE-2024-20372", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20372", }, { cve: "CVE-2024-20377", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20377", }, { cve: "CVE-2024-20386", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20386", }, { cve: "CVE-2024-20387", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20387", }, { cve: "CVE-2024-20403", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20403", }, { cve: "CVE-2024-20409", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20409", }, { cve: "CVE-2024-20410", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20410", }, { cve: "CVE-2024-20415", notes: [ { category: "description", text: "In Cisco Secure Firewall Management Center existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der webbasierten Verwaltungsschnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer oder authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20415", }, { cve: "CVE-2024-20379", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Diese Fehler betreffen die webbasierte Verwaltungsoberfläche und die Kennwortverwaltung aufgrund eines Logikfehlers bei Kennwortaktualisierungen und einer unzureichenden Validierung der vom Benutzer bereitgestellten Eingaben. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, insbesondere um konfigurierte Benutzernamen zu ermitteln und beliebige Dateien auf dem zugrunde liegenden Betriebssystem des betroffenen Geräts zu lesen.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20379", }, { cve: "CVE-2024-20388", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Diese Fehler betreffen die webbasierte Verwaltungsoberfläche und die Kennwortverwaltung aufgrund eines Logikfehlers bei Kennwortaktualisierungen und einer unzureichenden Validierung der vom Benutzer bereitgestellten Eingaben. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, insbesondere um konfigurierte Benutzernamen zu ermitteln und beliebige Dateien auf dem zugrunde liegenden Betriebssystem des betroffenen Geräts zu lesen.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20388", }, { cve: "CVE-2024-20275", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Diese Fehler betreffen die Cluster-Backup-Funktion und die webbasierte Verwaltungsschnittstelle aufgrund einer unzureichenden Eingabevalidierung bestimmter HTTP-Anfragen und Benutzerdaten. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, sogar mit Root-Rechten. Um die Schwachstellen auszunutzen, muss der Angreifer über eine bestimmte Rolle oder erhöhte Rechte verfügen. Eine der Schwachstellen erfordert eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden, muss der Angreifer einen legitimen Benutzer überzeugen, ein Cluster-Backup zu initiieren.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20275", }, { cve: "CVE-2024-20374", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Diese Fehler betreffen die Cluster-Backup-Funktion und die webbasierte Verwaltungsschnittstelle aufgrund einer unzureichenden Eingabevalidierung bestimmter HTTP-Anfragen und Benutzerdaten. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, sogar mit Root-Rechten. Um die Schwachstellen auszunutzen, muss der Angreifer über eine bestimmte Rolle oder erhöhte Rechte verfügen. Eine der Schwachstellen erfordert eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden, muss der Angreifer einen legitimen Benutzer überzeugen, ein Cluster-Backup zu initiieren.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20374", }, { cve: "CVE-2024-20424", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Diese Fehler betreffen die Cluster-Backup-Funktion und die webbasierte Verwaltungsschnittstelle aufgrund einer unzureichenden Eingabevalidierung bestimmter HTTP-Anfragen und Benutzerdaten. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, sogar mit Root-Rechten. Um die Schwachstellen auszunutzen, muss der Angreifer über eine bestimmte Rolle oder erhöhte Rechte verfügen. Eine der Schwachstellen erfordert eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden, muss der Angreifer einen legitimen Benutzer überzeugen, ein Cluster-Backup zu initiieren.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20424", }, { cve: "CVE-2024-20274", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Diese Fehler betreffen die webbasierte Verwaltungsschnittstelle aufgrund einer unzureichenden Validierung der vom Benutzer bereitgestellten Daten, wodurch SQL- und HTML-Injektionen möglich sind. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Daten zu manipulieren, auf beliebige Dateien des zugrunde liegenden Betriebssystems zuzugreifen und serverseitige Anforderungsfälschung durchzuführen. Um diese Schwachstellen auszunutzen, muss der Angreifer über eine bestimmte Rolle oder erhöhte Rechte verfügen.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20274", }, { cve: "CVE-2024-20340", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Diese Fehler betreffen die webbasierte Verwaltungsschnittstelle aufgrund einer unzureichenden Validierung der vom Benutzer bereitgestellten Daten, wodurch SQL- und HTML-Injektionen möglich sind. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Daten zu manipulieren, auf beliebige Dateien des zugrunde liegenden Betriebssystems zuzugreifen und serverseitige Anforderungsfälschung durchzuführen. Um diese Schwachstellen auszunutzen, muss der Angreifer über eine bestimmte Rolle oder erhöhte Rechte verfügen.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20340", }, { cve: "CVE-2024-20471", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Diese Fehler betreffen die webbasierte Verwaltungsschnittstelle aufgrund einer unzureichenden Validierung der vom Benutzer bereitgestellten Daten, wodurch SQL- und HTML-Injektionen möglich sind. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Daten zu manipulieren, auf beliebige Dateien des zugrunde liegenden Betriebssystems zuzugreifen und serverseitige Anforderungsfälschung durchzuführen. Um diese Schwachstellen auszunutzen, muss der Angreifer über eine bestimmte Rolle oder erhöhte Rechte verfügen.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20471", }, { cve: "CVE-2024-20472", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Diese Fehler betreffen die webbasierte Verwaltungsschnittstelle aufgrund einer unzureichenden Validierung der vom Benutzer bereitgestellten Daten, wodurch SQL- und HTML-Injektionen möglich sind. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Daten zu manipulieren, auf beliebige Dateien des zugrunde liegenden Betriebssystems zuzugreifen und serverseitige Anforderungsfälschung durchzuführen. Um diese Schwachstellen auszunutzen, muss der Angreifer über eine bestimmte Rolle oder erhöhte Rechte verfügen.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20472", }, { cve: "CVE-2024-20473", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Diese Fehler betreffen die webbasierte Verwaltungsschnittstelle aufgrund einer unzureichenden Validierung der vom Benutzer bereitgestellten Daten, wodurch SQL- und HTML-Injektionen möglich sind. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Daten zu manipulieren, auf beliebige Dateien des zugrunde liegenden Betriebssystems zuzugreifen und serverseitige Anforderungsfälschung durchzuführen. Um diese Schwachstellen auszunutzen, muss der Angreifer über eine bestimmte Rolle oder erhöhte Rechte verfügen.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20473", }, { cve: "CVE-2024-20482", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Dieser Fehler betrifft die webbasierte Verwaltungsoberfläche aufgrund einer unzureichenden Validierung von Rollenberechtigungen. Ein entfernter, authentisierter Angreifer mit einer benutzerdefinierten Nur-Lese-Rolle kann diese Schwachstelle ausnutzen, um erhöhte Berechtigungen zu erlangen, indem er einen Schreibvorgang auf dem betroffenen Teil der webbasierten Verwaltungsoberfläche durchführt.", }, ], product_status: { known_affected: [ "T038565", ], }, release_date: "2024-10-23T22:00:00.000+00:00", title: "CVE-2024-20482", }, ], }
cve-2024-20340
Vulnerability from cvelistv5
Published
2024-10-23 17:09
Modified
2024-10-24 17:48
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.1.0 Version: 7.0.1.1 Version: 7.1.0.1 Version: 7.0.2 Version: 7.2.0 Version: 7.0.2.1 Version: 7.0.3 Version: 7.1.0.2 Version: 7.2.0.1 Version: 7.0.4 Version: 7.2.1 Version: 7.0.5 Version: 7.3.0 Version: 7.2.2 Version: 7.3.1 Version: 7.2.3 Version: 7.1.0.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.0.6 Version: 7.2.4.1 Version: 7.2.5 Version: 7.3.1.1 Version: 7.4.0 Version: 7.0.6.1 Version: 7.2.5.1 Version: 7.4.1 Version: 7.2.6 Version: 7.4.1.1 Version: 7.0.6.2 Version: 7.2.7 Version: 7.2.5.2 Version: 7.3.1.2 Version: 7.2.8 Version: 7.4.2 Version: 7.2.8.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20340", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:39:57.724507Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:48:12.904Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.4.1.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.4.2", }, { status: "affected", version: "7.2.8.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:09:10.266Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-sql-inject-2EnmTC8v", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inject-2EnmTC8v", }, { name: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", }, { name: "Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication", url: "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300", }, ], source: { advisory: "cisco-sa-fmc-sql-inject-2EnmTC8v", defects: [ "CSCwi23613", ], discovery: "INTERNAL", }, title: "Cisco Secure Firewall Management Center SQL Injection Vulnerability", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20340", datePublished: "2024-10-23T17:09:10.266Z", dateReserved: "2023-11-08T15:08:07.642Z", dateUpdated: "2024-10-24T17:48:12.904Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20482
Vulnerability from cvelistv5
Published
2024-10-23 17:52
Modified
2024-10-26 03:55
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must have a valid account on the device that is configured with a custom read-only role.
This vulnerability is due to insufficient validation of role permissions in part of the web-based management interface. An attacker could exploit this vulnerability by performing a write operation on the affected part of the web-based management interface. A successful exploit could allow the attacker to modify certain parts of the configuration.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20482", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-25T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-26T03:55:29.925Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must have a valid account on the device that is configured with a custom read-only role.\r\n\r This vulnerability is due to insufficient validation of role permissions in part of the web-based management interface. An attacker could exploit this vulnerability by performing a write operation on the affected part of the web-based management interface. A successful exploit could allow the attacker to modify certain parts of the configuration.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "Incorrect Authorization", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:52:08.555Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-priv-esc-CMQ4S6m7", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-priv-esc-CMQ4S6m7", }, ], source: { advisory: "cisco-sa-fmc-priv-esc-CMQ4S6m7", defects: [ "CSCwj41973", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20482", datePublished: "2024-10-23T17:52:08.555Z", dateReserved: "2023-11-08T15:08:07.684Z", dateUpdated: "2024-10-26T03:55:29.925Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20273
Vulnerability from cvelistv5
Published
2024-10-23 17:07
Modified
2024-10-24 17:49
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3.12 Version: 6.2.3.1 Version: 6.2.3.10 Version: 6.2.3.8 Version: 6.4.0.6 Version: 6.2.3 Version: 6.4.0.7 Version: 6.2.3.13 Version: 6.2.3.5 Version: 6.4.0.4 Version: 6.2.3.9 Version: 6.2.3.14 Version: 6.4.0.1 Version: 6.2.3.6 Version: 6.2.3.11 Version: 6.4.0.8 Version: 6.2.3.2 Version: 6.4.0.2 Version: 6.2.3.3 Version: 6.4.0.3 Version: 6.2.3.7 Version: 6.2.3.4 Version: 6.4.0.5 Version: 6.4.0 Version: 6.2.3.15 Version: 6.6.0 Version: 6.4.0.9 Version: 6.2.3.16 Version: 6.6.0.1 Version: 6.6.1 Version: 6.4.0.10 Version: 6.7.0 Version: 6.4.0.11 Version: 6.6.3 Version: 6.7.0.1 Version: 6.6.4 Version: 6.4.0.12 Version: 6.7.0.2 Version: 7.0.0 Version: 6.2.3.17 Version: 7.0.0.1 Version: 6.6.5 Version: 7.0.1 Version: 7.1.0 Version: 6.6.5.1 Version: 6.4.0.13 Version: 6.7.0.3 Version: 7.0.1.1 Version: 6.2.3.18 Version: 6.4.0.14 Version: 6.6.5.2 Version: 7.1.0.1 Version: 7.0.2 Version: 6.4.0.15 Version: 7.2.0 Version: 7.0.2.1 Version: 7.0.3 Version: 6.6.7 Version: 7.1.0.2 Version: 7.2.0.1 Version: 7.0.4 Version: 7.2.1 Version: 7.0.5 Version: 6.4.0.16 Version: 7.3.0 Version: 7.2.2 Version: 6.6.7.1 Version: 7.3.1 Version: 7.2.3 Version: 7.1.0.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.0.6 Version: 7.2.4.1 Version: 7.2.5 Version: 7.3.1.1 Version: 7.4.0 Version: 6.4.0.17 Version: 7.0.6.1 Version: 7.2.5.1 Version: 6.6.7.2 Version: 7.2.5.2 Version: 7.3.1.2 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20273", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:40:06.716882Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:49:10.237Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.3.1.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:07:29.031Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-dhJxQYZs", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, { name: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", }, { name: "Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication", url: "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300", }, ], source: { advisory: "cisco-sa-fmc-xss-dhJxQYZs", defects: [ "CSCwh70866", ], discovery: "INTERNAL", }, title: "Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20273", datePublished: "2024-10-23T17:07:29.031Z", dateReserved: "2023-11-08T15:08:07.625Z", dateUpdated: "2024-10-24T17:49:10.237Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20372
Vulnerability from cvelistv5
Published
2024-10-23 17:29
Modified
2024-10-24 17:47
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3 Version: 6.2.3.1 Version: 6.2.3.2 Version: 6.2.3.3 Version: 6.2.3.4 Version: 6.2.3.5 Version: 6.2.3.6 Version: 6.2.3.7 Version: 6.2.3.9 Version: 6.2.3.10 Version: 6.2.3.11 Version: 6.2.3.12 Version: 6.2.3.13 Version: 6.2.3.14 Version: 6.2.3.15 Version: 6.2.3.8 Version: 6.2.3.16 Version: 6.2.3.17 Version: 6.2.3.18 Version: 6.4.0 Version: 6.4.0.1 Version: 6.4.0.3 Version: 6.4.0.2 Version: 6.4.0.4 Version: 6.4.0.5 Version: 6.4.0.6 Version: 6.4.0.7 Version: 6.4.0.8 Version: 6.4.0.9 Version: 6.4.0.10 Version: 6.4.0.11 Version: 6.4.0.12 Version: 6.4.0.13 Version: 6.4.0.14 Version: 6.4.0.15 Version: 6.4.0.16 Version: 6.4.0.17 Version: 6.4.0.18 Version: 6.6.0 Version: 6.6.0.1 Version: 6.6.1 Version: 6.6.3 Version: 6.6.4 Version: 6.6.5 Version: 6.6.5.1 Version: 6.6.5.2 Version: 6.6.7 Version: 6.6.7.1 Version: 6.6.7.2 Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20372", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:39:53.652335Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:47:41.964Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:29:39.644Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-dhJxQYZs", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, ], source: { advisory: "cisco-sa-fmc-xss-dhJxQYZs", defects: [ "CSCwi78593", "CSCwi78594", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20372", datePublished: "2024-10-23T17:29:39.644Z", dateReserved: "2023-11-08T15:08:07.654Z", dateUpdated: "2024-10-24T17:47:41.964Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20471
Vulnerability from cvelistv5
Published
2024-10-23 17:47
Modified
2024-10-24 14:26
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3 Version: 6.2.3.1 Version: 6.2.3.2 Version: 6.2.3.3 Version: 6.2.3.4 Version: 6.2.3.5 Version: 6.2.3.6 Version: 6.2.3.7 Version: 6.2.3.9 Version: 6.2.3.10 Version: 6.2.3.11 Version: 6.2.3.12 Version: 6.2.3.13 Version: 6.2.3.14 Version: 6.2.3.15 Version: 6.2.3.8 Version: 6.2.3.16 Version: 6.2.3.17 Version: 6.2.3.18 Version: 6.4.0 Version: 6.4.0.1 Version: 6.4.0.3 Version: 6.4.0.2 Version: 6.4.0.4 Version: 6.4.0.5 Version: 6.4.0.6 Version: 6.4.0.7 Version: 6.4.0.8 Version: 6.4.0.9 Version: 6.4.0.10 Version: 6.4.0.11 Version: 6.4.0.12 Version: 6.4.0.13 Version: 6.4.0.14 Version: 6.4.0.15 Version: 6.4.0.16 Version: 6.4.0.17 Version: 6.4.0.18 Version: 6.6.0 Version: 6.6.0.1 Version: 6.6.1 Version: 6.6.3 Version: 6.6.4 Version: 6.6.5 Version: 6.6.5.1 Version: 6.6.5.2 Version: 6.6.7 Version: 6.6.7.1 Version: 6.6.7.2 Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "firepower_management_center", vendor: "cisco", versions: [ { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-20471", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T14:16:17.727790Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T14:26:22.403Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.\r\n\r This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:47:42.116Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-sql-inj-LOYAFcfq", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inj-LOYAFcfq", }, ], source: { advisory: "cisco-sa-fmc-sql-inj-LOYAFcfq", defects: [ "CSCwi78596", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20471", datePublished: "2024-10-23T17:47:42.116Z", dateReserved: "2023-11-08T15:08:07.681Z", dateUpdated: "2024-10-24T14:26:22.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20410
Vulnerability from cvelistv5
Published
2024-10-23 17:38
Modified
2024-10-24 17:46
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3 Version: 6.2.3.1 Version: 6.2.3.2 Version: 6.2.3.3 Version: 6.2.3.4 Version: 6.2.3.5 Version: 6.2.3.6 Version: 6.2.3.7 Version: 6.2.3.9 Version: 6.2.3.10 Version: 6.2.3.11 Version: 6.2.3.12 Version: 6.2.3.13 Version: 6.2.3.14 Version: 6.2.3.15 Version: 6.2.3.8 Version: 6.2.3.16 Version: 6.2.3.17 Version: 6.2.3.18 Version: 6.4.0 Version: 6.4.0.1 Version: 6.4.0.3 Version: 6.4.0.2 Version: 6.4.0.4 Version: 6.4.0.5 Version: 6.4.0.6 Version: 6.4.0.7 Version: 6.4.0.8 Version: 6.4.0.9 Version: 6.4.0.10 Version: 6.4.0.11 Version: 6.4.0.12 Version: 6.4.0.13 Version: 6.4.0.14 Version: 6.4.0.15 Version: 6.4.0.16 Version: 6.4.0.17 Version: 6.4.0.18 Version: 6.6.0 Version: 6.6.0.1 Version: 6.6.1 Version: 6.6.3 Version: 6.6.4 Version: 6.6.5 Version: 6.6.5.1 Version: 6.6.5.2 Version: 6.6.7 Version: 6.6.7.1 Version: 6.6.7.2 Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20410", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:39:45.491201Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:46:41.091Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:38:43.124Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-dhJxQYZs", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, ], source: { advisory: "cisco-sa-fmc-xss-dhJxQYZs", defects: [ "CSCwj11119", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20410", datePublished: "2024-10-23T17:38:43.124Z", dateReserved: "2023-11-08T15:08:07.662Z", dateUpdated: "2024-10-24T17:46:41.091Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20364
Vulnerability from cvelistv5
Published
2024-10-23 17:28
Modified
2024-10-24 17:47
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20364", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:39:54.804812Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:47:52.081Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:28:31.674Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-dhJxQYZs", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, ], source: { advisory: "cisco-sa-fmc-xss-dhJxQYZs", defects: [ "CSCwj09456", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20364", datePublished: "2024-10-23T17:28:11.048Z", dateReserved: "2023-11-08T15:08:07.652Z", dateUpdated: "2024-10-24T17:47:52.081Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20424
Vulnerability from cvelistv5
Published
2024-10-23 17:46
Modified
2024-10-26 03:55
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root.
This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sending a crafted HTTP request to the device. A successful exploit could allow the attacker to execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit this vulnerability, the attacker would need valid credentials for a user account with at least the role of Security Analyst (Read Only).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3 Version: 6.2.3.1 Version: 6.2.3.2 Version: 6.2.3.3 Version: 6.2.3.4 Version: 6.2.3.5 Version: 6.2.3.6 Version: 6.2.3.7 Version: 6.2.3.9 Version: 6.2.3.10 Version: 6.2.3.11 Version: 6.2.3.12 Version: 6.2.3.13 Version: 6.2.3.14 Version: 6.2.3.15 Version: 6.2.3.8 Version: 6.2.3.16 Version: 6.2.3.17 Version: 6.2.3.18 Version: 6.4.0 Version: 6.4.0.1 Version: 6.4.0.3 Version: 6.4.0.2 Version: 6.4.0.4 Version: 6.4.0.5 Version: 6.4.0.6 Version: 6.4.0.7 Version: 6.4.0.8 Version: 6.4.0.9 Version: 6.4.0.10 Version: 6.4.0.11 Version: 6.4.0.12 Version: 6.4.0.13 Version: 6.4.0.14 Version: 6.4.0.15 Version: 6.4.0.16 Version: 6.4.0.17 Version: 6.4.0.18 Version: 6.6.0 Version: 6.6.0.1 Version: 6.6.1 Version: 6.6.3 Version: 6.6.4 Version: 6.6.5 Version: 6.6.5.1 Version: 6.6.5.2 Version: 6.6.7 Version: 6.6.7.1 Version: 6.6.7.2 Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 Version: 7.4.2 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "firepower_management_center", vendor: "cisco", versions: [ { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, { status: "affected", version: "7.4.2", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-20424", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-25T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-26T03:55:25.923Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, { status: "affected", version: "7.4.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root.\r\n\r This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sending a crafted HTTP request to the device. A successful exploit could allow the attacker to execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit this vulnerability, the attacker would need valid credentials for a user account with at least the role of Security Analyst (Read Only).", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:46:24.274Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-cmd-inj-v3AWDqN7", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7", }, ], source: { advisory: "cisco-sa-fmc-cmd-inj-v3AWDqN7", defects: [ "CSCwj68540", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20424", datePublished: "2024-10-23T17:46:24.274Z", dateReserved: "2023-11-08T15:08:07.666Z", dateUpdated: "2024-10-26T03:55:25.923Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20300
Vulnerability from cvelistv5
Published
2024-10-23 17:08
Modified
2024-10-24 17:48
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3.12 Version: 6.2.3.1 Version: 6.2.3.10 Version: 6.2.3.8 Version: 6.4.0.6 Version: 6.2.3 Version: 6.4.0.7 Version: 6.2.3.13 Version: 6.2.3.5 Version: 6.4.0.4 Version: 6.2.3.9 Version: 6.2.3.14 Version: 6.4.0.1 Version: 6.2.3.6 Version: 6.2.3.11 Version: 6.4.0.8 Version: 6.2.3.2 Version: 6.4.0.2 Version: 6.2.3.3 Version: 6.4.0.3 Version: 6.2.3.7 Version: 6.2.3.4 Version: 6.4.0.5 Version: 6.4.0 Version: 6.2.3.15 Version: 6.6.0 Version: 6.4.0.9 Version: 6.2.3.16 Version: 6.6.0.1 Version: 6.6.1 Version: 6.4.0.10 Version: 6.7.0 Version: 6.4.0.11 Version: 6.6.3 Version: 6.7.0.1 Version: 6.6.4 Version: 6.4.0.12 Version: 6.7.0.2 Version: 7.0.0 Version: 6.2.3.17 Version: 7.0.0.1 Version: 6.6.5 Version: 7.0.1 Version: 7.1.0 Version: 6.6.5.1 Version: 6.4.0.13 Version: 6.7.0.3 Version: 7.0.1.1 Version: 6.2.3.18 Version: 6.4.0.14 Version: 6.6.5.2 Version: 7.1.0.1 Version: 7.0.2 Version: 6.4.0.15 Version: 7.2.0 Version: 7.0.2.1 Version: 7.0.3 Version: 6.6.7 Version: 7.1.0.2 Version: 7.2.0.1 Version: 7.0.4 Version: 7.2.1 Version: 7.0.5 Version: 6.4.0.16 Version: 7.3.0 Version: 7.2.2 Version: 6.6.7.1 Version: 7.3.1 Version: 7.2.3 Version: 7.1.0.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.0.6 Version: 7.2.4.1 Version: 7.2.5 Version: 7.3.1.1 Version: 7.4.0 Version: 6.4.0.17 Version: 7.0.6.1 Version: 7.2.5.1 Version: 7.4.1 Version: 7.4.1.1 Version: 6.6.7.2 Version: 7.2.5.2 Version: 7.3.1.2 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20300", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:40:00.405040Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:48:34.738Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.3.1.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:08:24.248Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-dhJxQYZs", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, { name: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", }, { name: "Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication", url: "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300", }, ], source: { advisory: "cisco-sa-fmc-xss-dhJxQYZs", defects: [ "CSCwi23477", ], discovery: "INTERNAL", }, title: "Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20300", datePublished: "2024-10-23T17:08:24.248Z", dateReserved: "2023-11-08T15:08:07.630Z", dateUpdated: "2024-10-24T17:48:34.738Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20403
Vulnerability from cvelistv5
Published
2024-10-23 17:36
Modified
2024-10-24 17:47
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3 Version: 6.2.3.1 Version: 6.2.3.2 Version: 6.2.3.3 Version: 6.2.3.4 Version: 6.2.3.5 Version: 6.2.3.6 Version: 6.2.3.7 Version: 6.2.3.9 Version: 6.2.3.10 Version: 6.2.3.11 Version: 6.2.3.12 Version: 6.2.3.13 Version: 6.2.3.14 Version: 6.2.3.15 Version: 6.2.3.8 Version: 6.2.3.16 Version: 6.2.3.17 Version: 6.2.3.18 Version: 6.4.0 Version: 6.4.0.1 Version: 6.4.0.3 Version: 6.4.0.2 Version: 6.4.0.4 Version: 6.4.0.5 Version: 6.4.0.6 Version: 6.4.0.7 Version: 6.4.0.8 Version: 6.4.0.9 Version: 6.4.0.10 Version: 6.4.0.11 Version: 6.4.0.12 Version: 6.4.0.13 Version: 6.4.0.14 Version: 6.4.0.15 Version: 6.4.0.16 Version: 6.4.0.17 Version: 6.4.0.18 Version: 6.6.0 Version: 6.6.0.1 Version: 6.6.1 Version: 6.6.3 Version: 6.6.4 Version: 6.6.5 Version: 6.6.5.1 Version: 6.6.5.2 Version: 6.6.7 Version: 6.6.7.1 Version: 6.6.7.2 Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 Version: 7.4.2 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20403", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:39:49.726716Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:47:15.288Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, { status: "affected", version: "7.4.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:36:14.821Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-dhJxQYZs", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, ], source: { advisory: "cisco-sa-fmc-xss-dhJxQYZs", defects: [ "CSCwi85823", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20403", datePublished: "2024-10-23T17:36:14.821Z", dateReserved: "2023-11-08T15:08:07.660Z", dateUpdated: "2024-10-24T17:47:15.288Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20386
Vulnerability from cvelistv5
Published
2024-10-23 17:33
Modified
2024-10-24 17:47
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3 Version: 6.2.3.1 Version: 6.2.3.2 Version: 6.2.3.3 Version: 6.2.3.4 Version: 6.2.3.5 Version: 6.2.3.6 Version: 6.2.3.7 Version: 6.2.3.9 Version: 6.2.3.10 Version: 6.2.3.11 Version: 6.2.3.12 Version: 6.2.3.13 Version: 6.2.3.14 Version: 6.2.3.15 Version: 6.2.3.8 Version: 6.2.3.16 Version: 6.2.3.17 Version: 6.2.3.18 Version: 6.4.0 Version: 6.4.0.1 Version: 6.4.0.3 Version: 6.4.0.2 Version: 6.4.0.4 Version: 6.4.0.5 Version: 6.4.0.6 Version: 6.4.0.7 Version: 6.4.0.8 Version: 6.4.0.9 Version: 6.4.0.10 Version: 6.4.0.11 Version: 6.4.0.12 Version: 6.4.0.13 Version: 6.4.0.14 Version: 6.4.0.15 Version: 6.4.0.16 Version: 6.4.0.17 Version: 6.4.0.18 Version: 6.6.0 Version: 6.6.0.1 Version: 6.6.1 Version: 6.6.3 Version: 6.6.4 Version: 6.6.5 Version: 6.6.5.1 Version: 6.6.5.2 Version: 6.6.7 Version: 6.6.7.1 Version: 6.6.7.2 Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20386", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:39:51.098498Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:47:24.943Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:33:02.801Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-dhJxQYZs", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, ], source: { advisory: "cisco-sa-fmc-xss-dhJxQYZs", defects: [ "CSCwj19632", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20386", datePublished: "2024-10-23T17:33:02.801Z", dateReserved: "2023-11-08T15:08:07.658Z", dateUpdated: "2024-10-24T17:47:24.943Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20377
Vulnerability from cvelistv5
Published
2024-10-23 17:30
Modified
2024-10-24 16:25
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to the web-based management interface not properly validating user-supplied input. An attacker could exploit this vulnerability by by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.0.6.3 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20377", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:46:38.709732Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T16:25:20.191Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.0.6.3", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to the web-based management interface not properly validating user-supplied input. An attacker could exploit this vulnerability by by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:30:26.541Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-infodisc-RL4mJFer", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer", }, ], source: { advisory: "cisco-sa-fmc-xss-infodisc-RL4mJFer", defects: [ "CSCwj01321", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20377", datePublished: "2024-10-23T17:30:26.541Z", dateReserved: "2023-11-08T15:08:07.655Z", dateUpdated: "2024-10-24T16:25:20.191Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20374
Vulnerability from cvelistv5
Published
2024-10-23 17:30
Modified
2024-10-26 03:55
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system.
This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the Cisco FMC web-based management interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "firepower_management_center", vendor: "cisco", versions: [ { lessThanOrEqual: "6.7.0.3", status: "affected", version: "6.7.0", versionType: "custom", }, { lessThanOrEqual: "7.0.6.2", status: "affected", version: "7.0.0", versionType: "custom", }, { lessThanOrEqual: "7.1.0.3", status: "affected", version: "7.1.0", versionType: "custom", }, { lessThanOrEqual: "7.2.8.1", status: "affected", version: "7.2.0", versionType: "custom", }, { lessThanOrEqual: "7.3.1.2", status: "affected", version: "7.3.0", versionType: "custom", }, { lessThanOrEqual: "7.4.1.1", status: "affected", version: "7.4.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-20374", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-25T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-26T03:55:32.499Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system.\r\n\r This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the Cisco FMC web-based management interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "Improper Privilege Management", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:30:06.650Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-cmd-inj-2HBkA97G", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-2HBkA97G", }, ], source: { advisory: "cisco-sa-fmc-cmd-inj-2HBkA97G", defects: [ "CSCwi78588", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20374", datePublished: "2024-10-23T17:30:06.650Z", dateReserved: "2023-11-08T15:08:07.654Z", dateUpdated: "2024-10-26T03:55:32.499Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20409
Vulnerability from cvelistv5
Published
2024-10-23 17:38
Modified
2024-10-24 17:46
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3 Version: 6.2.3.1 Version: 6.2.3.2 Version: 6.2.3.3 Version: 6.2.3.4 Version: 6.2.3.5 Version: 6.2.3.6 Version: 6.2.3.7 Version: 6.2.3.9 Version: 6.2.3.10 Version: 6.2.3.11 Version: 6.2.3.12 Version: 6.2.3.13 Version: 6.2.3.14 Version: 6.2.3.15 Version: 6.2.3.8 Version: 6.2.3.16 Version: 6.2.3.17 Version: 6.2.3.18 Version: 6.4.0 Version: 6.4.0.1 Version: 6.4.0.3 Version: 6.4.0.2 Version: 6.4.0.4 Version: 6.4.0.5 Version: 6.4.0.6 Version: 6.4.0.7 Version: 6.4.0.8 Version: 6.4.0.9 Version: 6.4.0.10 Version: 6.4.0.11 Version: 6.4.0.12 Version: 6.4.0.13 Version: 6.4.0.14 Version: 6.4.0.15 Version: 6.4.0.16 Version: 6.4.0.17 Version: 6.4.0.18 Version: 6.6.0 Version: 6.6.0.1 Version: 6.6.1 Version: 6.6.3 Version: 6.6.4 Version: 6.6.5 Version: 6.6.5.1 Version: 6.6.5.2 Version: 6.6.7 Version: 6.6.7.1 Version: 6.6.7.2 Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 Version: 7.4.2 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20409", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:39:47.027719Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:46:51.825Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, { status: "affected", version: "7.4.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:38:10.132Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-dhJxQYZs", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, ], source: { advisory: "cisco-sa-fmc-xss-dhJxQYZs", defects: [ "CSCwj77284", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20409", datePublished: "2024-10-23T17:38:10.132Z", dateReserved: "2023-11-08T15:08:07.661Z", dateUpdated: "2024-10-24T17:46:51.825Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20415
Vulnerability from cvelistv5
Published
2024-10-23 17:46
Modified
2024-10-23 20:54
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3 Version: 6.2.3.1 Version: 6.2.3.2 Version: 6.2.3.3 Version: 6.2.3.4 Version: 6.2.3.5 Version: 6.2.3.6 Version: 6.2.3.7 Version: 6.2.3.9 Version: 6.2.3.10 Version: 6.2.3.11 Version: 6.2.3.12 Version: 6.2.3.13 Version: 6.2.3.14 Version: 6.2.3.15 Version: 6.2.3.8 Version: 6.2.3.16 Version: 6.2.3.17 Version: 6.2.3.18 Version: 6.4.0 Version: 6.4.0.1 Version: 6.4.0.3 Version: 6.4.0.2 Version: 6.4.0.4 Version: 6.4.0.5 Version: 6.4.0.6 Version: 6.4.0.7 Version: 6.4.0.8 Version: 6.4.0.9 Version: 6.4.0.10 Version: 6.4.0.11 Version: 6.4.0.12 Version: 6.4.0.13 Version: 6.4.0.14 Version: 6.4.0.15 Version: 6.4.0.16 Version: 6.4.0.17 Version: 6.4.0.18 Version: 6.6.0 Version: 6.6.0.1 Version: 6.6.1 Version: 6.6.3 Version: 6.6.4 Version: 6.6.5 Version: 6.6.5.1 Version: 6.6.5.2 Version: 6.6.7 Version: 6.6.7.1 Version: 6.6.7.2 Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20415", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T20:54:49.796489Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T20:54:58.239Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:46:02.736Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-dhJxQYZs", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, ], source: { advisory: "cisco-sa-fmc-xss-dhJxQYZs", defects: [ "CSCwi61058", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20415", datePublished: "2024-10-23T17:46:02.736Z", dateReserved: "2023-11-08T15:08:07.663Z", dateUpdated: "2024-10-23T20:54:58.239Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20387
Vulnerability from cvelistv5
Published
2024-10-23 17:34
Modified
2024-10-24 17:01
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3.17 Version: 6.2.3.18 Version: 6.4.0.13 Version: 6.4.0.14 Version: 6.4.0.15 Version: 6.4.0.16 Version: 6.4.0.17 Version: 6.4.0.18 Version: 6.6.0 Version: 6.6.0.1 Version: 6.6.1 Version: 6.6.3 Version: 6.6.4 Version: 6.6.5 Version: 6.6.5.1 Version: 6.6.5.2 Version: 6.6.7 Version: 6.6.7.1 Version: 6.6.7.2 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20387", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T17:01:27.605090Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:01:38.658Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:34:18.768Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-infodisc-RL4mJFer", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer", }, ], source: { advisory: "cisco-sa-fmc-xss-infodisc-RL4mJFer", defects: [ "CSCwi99692", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20387", datePublished: "2024-10-23T17:34:18.768Z", dateReserved: "2023-11-08T15:08:07.658Z", dateUpdated: "2024-10-24T17:01:38.658Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20379
Vulnerability from cvelistv5
Published
2024-10-23 17:30
Modified
2024-10-23 19:40
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20379", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:46:31.621999Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T19:40:09.040Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-36", description: "Absolute Path Traversal", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:30:52.502Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-file-read-5q4mQRn", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn", }, ], source: { advisory: "cisco-sa-fmc-file-read-5q4mQRn", defects: [ "CSCwi78547", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20379", datePublished: "2024-10-23T17:30:52.502Z", dateReserved: "2023-11-08T15:08:07.656Z", dateUpdated: "2024-10-23T19:40:09.040Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20472
Vulnerability from cvelistv5
Published
2024-10-23 17:50
Modified
2024-10-23 21:00
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "firepower_management_center", vendor: "cisco", versions: [ { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-20472", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T20:59:33.004098Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T21:00:40.915Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.\r\n\r\nThis vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:50:13.687Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-sql-inj-LOYAFcfq", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inj-LOYAFcfq", }, ], source: { advisory: "cisco-sa-fmc-sql-inj-LOYAFcfq", defects: [ "CSCwi78598", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20472", datePublished: "2024-10-23T17:50:13.687Z", dateReserved: "2023-11-08T15:08:07.681Z", dateUpdated: "2024-10-23T21:00:40.915Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20388
Vulnerability from cvelistv5
Published
2024-10-23 17:35
Modified
2024-10-24 16:24
Severity ?
EPSS score ?
Summary
A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.
This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Cisco | Cisco Firepower Management Center |
Version: 6.2.3 Version: 6.2.3.1 Version: 6.2.3.2 Version: 6.2.3.3 Version: 6.2.3.4 Version: 6.2.3.5 Version: 6.2.3.6 Version: 6.2.3.7 Version: 6.2.3.9 Version: 6.2.3.10 Version: 6.2.3.11 Version: 6.2.3.12 Version: 6.2.3.13 Version: 6.2.3.14 Version: 6.2.3.15 Version: 6.2.3.8 Version: 6.2.3.16 Version: 6.2.3.17 Version: 6.2.3.18 Version: 6.4.0 Version: 6.4.0.1 Version: 6.4.0.3 Version: 6.4.0.2 Version: 6.4.0.4 Version: 6.4.0.5 Version: 6.4.0.6 Version: 6.4.0.7 Version: 6.4.0.8 Version: 6.4.0.9 Version: 6.4.0.10 Version: 6.4.0.11 Version: 6.4.0.12 Version: 6.4.0.13 Version: 6.4.0.14 Version: 6.4.0.15 Version: 6.4.0.16 Version: 6.4.0.17 Version: 6.4.0.18 Version: 6.6.0 Version: 6.6.0.1 Version: 6.6.1 Version: 6.6.3 Version: 6.6.4 Version: 6.6.5 Version: 6.6.5.1 Version: 6.6.5.2 Version: 6.6.7 Version: 6.6.7.1 Version: 6.6.7.2 Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.0.6 Version: 7.0.6.1 Version: 7.0.6.2 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.2.0.1 Version: 7.2.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.6 Version: 7.2.7 Version: 7.2.5.2 Version: 7.2.8 Version: 7.2.8.1 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "firepower_management_center", vendor: "cisco", versions: [ { lessThanOrEqual: "6.2.3.18", status: "affected", version: "6.2.3", versionType: "custom", }, { lessThanOrEqual: "6.4.0.18", status: "affected", version: "6.4.0", versionType: "custom", }, { lessThanOrEqual: "6.6.7.2", status: "affected", version: "6.6.0", versionType: "custom", }, { lessThanOrEqual: "6.7.0.3", status: "affected", version: "6.7.0", versionType: "custom", }, { lessThanOrEqual: "7.0.6.2", status: "affected", version: "7.0.0", versionType: "custom", }, { lessThanOrEqual: "7.1.0.3", status: "affected", version: "7.1.0", versionType: "custom", }, { lessThanOrEqual: "7.2.8.1", status: "affected", version: "7.2.0", versionType: "custom", }, { lessThanOrEqual: "7.3.1.2", status: "affected", version: "7.3.0", versionType: "custom", }, { lessThanOrEqual: "7.4.1.1", status: "affected", version: "7.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "firepower_threat_defense_software", vendor: "cisco", versions: [ { lessThanOrEqual: "6.4.0.18", status: "affected", version: "6.4.0.4", versionType: "custom", }, { lessThanOrEqual: "6.6.7", status: "affected", version: "6.6.5.1", versionType: "custom", }, { status: "affected", version: "6.7.0.2", }, { lessThanOrEqual: "7.1.0.3", status: "affected", version: "7.1.0.1", versionType: "custom", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.4.1", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-20388", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:45:56.491861Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T16:24:24.678Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.0.6.2", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.6", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.2.8", }, { status: "affected", version: "7.2.8.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, { product: "Cisco Firepower Threat Defense Software", vendor: "Cisco", versions: [ { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.4.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.\r\n\r This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-202", description: "Exposure of Sensitive Information Through Data Queries", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:35:24.772Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-infodisc-RL4mJFer", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer", }, ], source: { advisory: "cisco-sa-fmc-xss-infodisc-RL4mJFer", defects: [ "CSCwj03056", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20388", datePublished: "2024-10-23T17:35:24.772Z", dateReserved: "2023-11-08T15:08:07.658Z", dateUpdated: "2024-10-24T16:24:24.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20473
Vulnerability from cvelistv5
Published
2024-10-23 17:51
Modified
2024-10-23 20:59
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.3.1.2 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "firepower_management_center", vendor: "cisco", versions: [ { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-20473", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T20:56:35.913710Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T20:59:03.182Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.3.1.2", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.\r\n\r\nThis vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:51:01.385Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-sql-inj-LOYAFcfq", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inj-LOYAFcfq", }, ], source: { advisory: "cisco-sa-fmc-sql-inj-LOYAFcfq", defects: [ "CSCwi78601", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20473", datePublished: "2024-10-23T17:51:01.385Z", dateReserved: "2023-11-08T15:08:07.681Z", dateUpdated: "2024-10-23T20:59:03.182Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20274
Vulnerability from cvelistv5
Published
2024-10-23 17:07
Modified
2024-10-24 17:49
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document.
This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, access arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To successfully exploit this vulnerability, an attacker would need valid credentials for a user account with policy-editing permissions, such as Network Admin, Intrusion Admin, or any custom user role with the same capabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3.12 Version: 6.2.3.1 Version: 6.2.3.10 Version: 6.2.3.8 Version: 6.4.0.6 Version: 6.2.3 Version: 6.4.0.7 Version: 6.2.3.13 Version: 6.2.3.5 Version: 6.4.0.4 Version: 6.2.3.9 Version: 6.2.3.14 Version: 6.4.0.1 Version: 6.2.3.6 Version: 6.2.3.11 Version: 6.4.0.8 Version: 6.2.3.2 Version: 6.4.0.2 Version: 6.2.3.3 Version: 6.4.0.3 Version: 6.2.3.7 Version: 6.2.3.4 Version: 6.4.0.5 Version: 6.4.0 Version: 6.2.3.15 Version: 6.6.0 Version: 6.4.0.9 Version: 6.2.3.16 Version: 6.6.0.1 Version: 6.6.1 Version: 6.4.0.10 Version: 6.7.0 Version: 6.4.0.11 Version: 6.6.3 Version: 6.7.0.1 Version: 6.6.4 Version: 6.4.0.12 Version: 6.7.0.2 Version: 7.0.0 Version: 6.2.3.17 Version: 7.0.0.1 Version: 6.6.5 Version: 7.0.1 Version: 7.1.0 Version: 6.6.5.1 Version: 6.4.0.13 Version: 6.7.0.3 Version: 7.0.1.1 Version: 6.2.3.18 Version: 6.4.0.14 Version: 6.6.5.2 Version: 7.1.0.1 Version: 7.0.2 Version: 6.4.0.15 Version: 7.2.0 Version: 7.0.2.1 Version: 7.0.3 Version: 6.6.7 Version: 7.1.0.2 Version: 7.2.0.1 Version: 7.0.4 Version: 7.2.1 Version: 7.0.5 Version: 6.4.0.16 Version: 7.3.0 Version: 7.2.2 Version: 6.6.7.1 Version: 7.3.1 Version: 7.2.3 Version: 7.1.0.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.0.6 Version: 7.2.4.1 Version: 7.2.5 Version: 7.3.1.1 Version: 7.4.0 Version: 6.4.0.17 Version: 7.0.6.1 Version: 7.2.5.1 Version: 7.4.1 Version: 7.4.1.1 Version: 6.4.0.18 Version: 6.6.7.2 Version: 7.2.5.2 Version: 7.3.1.2 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20274", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:40:04.849611Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:49:00.205Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, { status: "affected", version: "6.4.0.18", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.3.1.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document.\r\n\r\nThis vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, access arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To successfully exploit this vulnerability, an attacker would need valid credentials for a user account with policy-editing permissions, such as Network Admin, Intrusion Admin, or any custom user role with the same capabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "Improper Input Validation", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:07:36.671Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-html-inj-nfJeYHxz", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-nfJeYHxz", }, { name: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", }, { name: "Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication", url: "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300", }, ], source: { advisory: "cisco-sa-fmc-html-inj-nfJeYHxz", defects: [ "CSCwe20634", ], discovery: "INTERNAL", }, title: "Cisco Secure Firewall Management Center HTML Injection Vulnerability", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20274", datePublished: "2024-10-23T17:07:36.671Z", dateReserved: "2023-11-08T15:08:07.625Z", dateUpdated: "2024-10-24T17:49:00.205Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20298
Vulnerability from cvelistv5
Published
2024-10-23 17:08
Modified
2024-10-24 17:48
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 Version: 7.4.0 Version: 7.4.1 Version: 7.4.1.1 Version: 7.3.1.2 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20298", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:40:02.693917Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:48:48.927Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, { status: "affected", version: "7.3.1.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:08:03.318Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-dhJxQYZs", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, { name: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", }, { name: "Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication", url: "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300", }, ], source: { advisory: "cisco-sa-fmc-xss-dhJxQYZs", defects: [ "CSCwi32423", ], discovery: "INTERNAL", }, title: "Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20298", datePublished: "2024-10-23T17:08:03.318Z", dateReserved: "2023-11-08T15:08:07.629Z", dateUpdated: "2024-10-24T17:48:48.927Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20275
Vulnerability from cvelistv5
Published
2024-10-23 17:07
Modified
2024-10-26 03:55
Severity ?
EPSS score ?
Summary
A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.
This vulnerability is due to insufficient validation of user data that is supplied through the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary operating system commands on the affected device. To exploit this vulnerability, an attacker would need valid credentials for a user account with at least the role of Network Administrator. In addition, the attacker would need to persuade a legitimate user to initiate a cluster backup on the affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 7.1.0 Version: 7.1.0.1 Version: 7.2.0 Version: 7.1.0.2 Version: 7.2.0.1 Version: 7.2.1 Version: 7.3.0 Version: 7.2.2 Version: 7.3.1 Version: 7.2.3 Version: 7.1.0.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.3.1.1 Version: 7.4.0 Version: 7.2.5.1 Version: 7.4.1 Version: 7.4.1.1 Version: 7.2.5.2 Version: 7.3.1.2 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:cisco:secure_firewall_management_center_software:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "secure_firewall_management_center_software", vendor: "cisco", versions: [ { lessThanOrEqual: "7.4.1.1", status: "affected", version: "7.1.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-20275", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-25T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-26T03:55:31.187Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.1.1", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.3.1.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.\r\n\r\nThis vulnerability is due to insufficient validation of user data that is supplied through the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary operating system commands on the affected device. To exploit this vulnerability, an attacker would need valid credentials for a user account with at least the role of Network Administrator. In addition, the attacker would need to persuade a legitimate user to initiate a cluster backup on the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:07:44.671Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-cmd-inj-g8AOKnDP", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-g8AOKnDP", }, { name: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", }, { name: "Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication", url: "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300", }, ], source: { advisory: "cisco-sa-fmc-cmd-inj-g8AOKnDP", defects: [ "CSCwd08230", ], discovery: "INTERNAL", }, title: "Cisco Secure Firewall Management Center Software Backup Cluster Command Injection Vulnerability", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20275", datePublished: "2024-10-23T17:07:44.671Z", dateReserved: "2023-11-08T15:08:07.625Z", dateUpdated: "2024-10-26T03:55:31.187Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20264
Vulnerability from cvelistv5
Published
2024-10-23 17:06
Modified
2024-10-24 17:52
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 7.1.0 Version: 7.1.0.1 Version: 7.2.0 Version: 7.1.0.2 Version: 7.2.0.1 Version: 7.2.1 Version: 7.2.2 Version: 7.2.3 Version: 7.1.0.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.2.4.1 Version: 7.2.5 Version: 7.2.5.1 Version: 7.2.5.2 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20264", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:40:12.685847Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:52:43.490Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "7.2.5.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:06:48.407Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-dhJxQYZs", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, { name: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", }, { name: "Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication", url: "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300", }, ], source: { advisory: "cisco-sa-fmc-xss-dhJxQYZs", defects: [ "CSCwf61443", ], discovery: "INTERNAL", }, title: "Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20264", datePublished: "2024-10-23T17:06:48.407Z", dateReserved: "2023-11-08T15:08:07.624Z", dateUpdated: "2024-10-24T17:52:43.490Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20269
Vulnerability from cvelistv5
Published
2024-10-23 17:07
Modified
2024-10-24 17:51
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center |
Version: 6.2.3.12 Version: 6.2.3.1 Version: 6.2.3.10 Version: 6.2.3.8 Version: 6.4.0.6 Version: 6.2.3 Version: 6.4.0.7 Version: 6.2.3.13 Version: 6.2.3.5 Version: 6.4.0.4 Version: 6.2.3.9 Version: 6.2.3.14 Version: 6.4.0.1 Version: 6.2.3.6 Version: 6.2.3.11 Version: 6.4.0.8 Version: 6.2.3.2 Version: 6.4.0.2 Version: 6.2.3.3 Version: 6.4.0.3 Version: 6.2.3.7 Version: 6.2.3.4 Version: 6.4.0.5 Version: 6.4.0 Version: 6.2.3.15 Version: 6.6.0 Version: 6.4.0.9 Version: 6.2.3.16 Version: 6.6.0.1 Version: 6.6.1 Version: 6.4.0.10 Version: 6.7.0 Version: 6.4.0.11 Version: 6.6.3 Version: 6.7.0.1 Version: 6.6.4 Version: 6.4.0.12 Version: 6.7.0.2 Version: 7.0.0 Version: 6.2.3.17 Version: 7.0.0.1 Version: 6.6.5 Version: 7.0.1 Version: 7.1.0 Version: 6.6.5.1 Version: 6.4.0.13 Version: 6.7.0.3 Version: 7.0.1.1 Version: 6.2.3.18 Version: 6.4.0.14 Version: 6.6.5.2 Version: 7.1.0.1 Version: 7.0.2 Version: 6.4.0.15 Version: 7.2.0 Version: 7.0.2.1 Version: 7.0.3 Version: 6.6.7 Version: 7.1.0.2 Version: 7.2.0.1 Version: 7.0.4 Version: 7.2.1 Version: 7.0.5 Version: 6.4.0.16 Version: 7.3.0 Version: 7.2.2 Version: 6.6.7.1 Version: 7.3.1 Version: 7.2.3 Version: 7.1.0.3 Version: 7.2.3.1 Version: 7.2.4 Version: 7.0.6 Version: 7.2.4.1 Version: 7.2.5 Version: 7.3.1.1 Version: 7.4.0 Version: 6.4.0.17 Version: 7.0.6.1 Version: 7.2.5.1 Version: 6.6.7.2 Version: 7.2.5.2 Version: 7.3.1.2 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20269", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T18:40:08.577971Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:51:06.493Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Cisco Firepower Management Center", vendor: "Cisco", versions: [ { status: "affected", version: "6.2.3.12", }, { status: "affected", version: "6.2.3.1", }, { status: "affected", version: "6.2.3.10", }, { status: "affected", version: "6.2.3.8", }, { status: "affected", version: "6.4.0.6", }, { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.4.0.7", }, { status: "affected", version: "6.2.3.13", }, { status: "affected", version: "6.2.3.5", }, { status: "affected", version: "6.4.0.4", }, { status: "affected", version: "6.2.3.9", }, { status: "affected", version: "6.2.3.14", }, { status: "affected", version: "6.4.0.1", }, { status: "affected", version: "6.2.3.6", }, { status: "affected", version: "6.2.3.11", }, { status: "affected", version: "6.4.0.8", }, { status: "affected", version: "6.2.3.2", }, { status: "affected", version: "6.4.0.2", }, { status: "affected", version: "6.2.3.3", }, { status: "affected", version: "6.4.0.3", }, { status: "affected", version: "6.2.3.7", }, { status: "affected", version: "6.2.3.4", }, { status: "affected", version: "6.4.0.5", }, { status: "affected", version: "6.4.0", }, { status: "affected", version: "6.2.3.15", }, { status: "affected", version: "6.6.0", }, { status: "affected", version: "6.4.0.9", }, { status: "affected", version: "6.2.3.16", }, { status: "affected", version: "6.6.0.1", }, { status: "affected", version: "6.6.1", }, { status: "affected", version: "6.4.0.10", }, { status: "affected", version: "6.7.0", }, { status: "affected", version: "6.4.0.11", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.7.0.1", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "6.4.0.12", }, { status: "affected", version: "6.7.0.2", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "6.2.3.17", }, { status: "affected", version: "7.0.0.1", }, { status: "affected", version: "6.6.5", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.1.0", }, { status: "affected", version: "6.6.5.1", }, { status: "affected", version: "6.4.0.13", }, { status: "affected", version: "6.7.0.3", }, { status: "affected", version: "7.0.1.1", }, { status: "affected", version: "6.2.3.18", }, { status: "affected", version: "6.4.0.14", }, { status: "affected", version: "6.6.5.2", }, { status: "affected", version: "7.1.0.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "6.4.0.15", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.0.2.1", }, { status: "affected", version: "7.0.3", }, { status: "affected", version: "6.6.7", }, { status: "affected", version: "7.1.0.2", }, { status: "affected", version: "7.2.0.1", }, { status: "affected", version: "7.0.4", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "6.4.0.16", }, { status: "affected", version: "7.3.0", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "6.6.7.1", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.1.0.3", }, { status: "affected", version: "7.2.3.1", }, { status: "affected", version: "7.2.4", }, { status: "affected", version: "7.0.6", }, { status: "affected", version: "7.2.4.1", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.3.1.1", }, { status: "affected", version: "7.4.0", }, { status: "affected", version: "6.4.0.17", }, { status: "affected", version: "7.0.6.1", }, { status: "affected", version: "7.2.5.1", }, { status: "affected", version: "6.6.7.2", }, { status: "affected", version: "7.2.5.2", }, { status: "affected", version: "7.3.1.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-23T17:07:09.355Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-fmc-xss-dhJxQYZs", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs", }, { name: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO", }, { name: "Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication", url: "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300", }, ], source: { advisory: "cisco-sa-fmc-xss-dhJxQYZs", defects: [ "CSCwh69787", ], discovery: "INTERNAL", }, title: "Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20269", datePublished: "2024-10-23T17:07:09.355Z", dateReserved: "2023-11-08T15:08:07.624Z", dateUpdated: "2024-10-24T17:51:06.493Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.