Cisco Addresses High-Severity Vulnerability in Firepower Management Center

May 27, 2024

Cisco has addressed a high-severity vulnerability in the web-based management interface of its Firepower Management Center (FMC) Software. The flaw, tracked as CVE-2024-20360 with a CVSS score of 8.8, is a SQL injection issue that could allow an authenticated attacker to read any data in the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. Exploitation requires at least Read Only user credentials.

The advisory states, “A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.” It further explains, “This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials.”
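The advisory attributes the flaw to inadequate validation of user input reaching SQL queries. The following is an added, generic illustration of that vulnerability class and its fix; it is not Cisco's code and says nothing about how FMC builds its queries. It uses a constructed in-memory SQLite table and a hypothetical device-search endpoint to show, side by side, a query assembled by string concatenation (input becomes SQL syntax) and the same query with a bound parameter (input stays data), plus a simple allowlist check as a second layer of defence.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not from the Cisco advisory).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO devices (name, owner) VALUES (?, ?)",
        [("fw-edge-01", "alice"), ("fw-core-01", "bob"), ("fw-lab-01", "alice")],
    )
    return conn


def search_devices_vulnerable(conn, owner):
    # Hypothetical vulnerable handler: the statement is built by concatenating
    # the caller's input, so a quote in the input changes the SQL structure.
    sql = "SELECT name FROM devices WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_devices_safe(conn, owner):
    # Hardened handler: the driver binds the value; it is compared as data and
    # can never be parsed as SQL, whatever characters it contains.
    sql = "SELECT name FROM devices WHERE owner = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (owner,))]


USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def is_valid_username(value):
    # Allowlist validation (defence in depth, not a substitute for binding):
    # reject anything that is not a plausible account name before it reaches
    # the database layer, and log/alert on rejects in a real service.
    return bool(USERNAME_RE.match(value))


def search_devices_hardened(conn, owner):
    # Both controls together: validate the shape of the input, then bind it.
    if not is_valid_username(owner):
        raise ValueError("rejected input: not a valid username")
    return search_devices_safe(conn, owner)


# Constructed input containing a quote and a tautology, the classic shape
# of a crafted value that an authenticated user might submit to a form field.
CRAFTED = "x' OR '1'='1"


def demo():
    conn = make_db()
    try:
        hardened = search_devices_hardened(conn, CRAFTED)
    except ValueError as exc:
        hardened = str(exc)
    return {
        "vulnerable": search_devices_vulnerable(conn, CRAFTED),  # every row leaks
        "safe": search_devices_safe(conn, CRAFTED),              # no row matches
        "hardened": hardened,                                    # rejected up front
        "normal": search_devices_safe(conn, "alice"),            # ordinary lookup
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:>10}: {result}")
```

The point the advisory makes (and the example shows) is that the "Read Only" user's input still decides what the database executes when queries are concatenated; the bound-parameter version returns nothing for the crafted value because the whole string is compared against the owner column, and the allowlist rejects it before any query runs.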

Cisco has confirmed that there are no workarounds for this vulnerability; the fix is delivered in updated FMC Software. The company also states that the flaw does not affect Adaptive Security Appliance (ASA) Software or Firepower Threat Defense (FTD) Software. The Cisco Product Security Incident Response Team (PSIRT) is not aware of any exploitation of this vulnerability in the wild.
