Cisco FMC Command Injection Vulnerability (CVE-2024-20374) Advisory

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Cisco Secure Firewall Management Center Software Command Injection Vulnerability - Vulnerability ID: cisco-sa-fmc-cmd-inj-2HBkA97G - CVE Number: CVE-2024-20374 - CWE Number: CWE-269 - Release Date: October 23, 2024 - Severity: Medium 2. Affected Products: - Cisco Secure Firewall Management Center (FMC) Software, also known as Firepower Management Center Software. 3. Vulnerability Impact: - Description: Due to insufficient input validation, an attacker can execute arbitrary commands by sending HTTP requests to the FMC web-based management interface. - Attack Vector: Requires an authenticated user with administrator privileges, who then sends a crafted HTTP request to the affected device. - Impact: Attackers can execute arbitrary commands, requiring administrator credentials. 4. Remediation: - Cisco has released software updates to fix this vulnerability. - No workarounds are available. 5. List of Affected Products: - Adaptive Security Appliance (ASA) Software - Firepower Threat Defense (FTD) Software - Next-Generation Intrusion Prevention System (NGIPS) 6. Additional Details: - For affected Cisco products, administrator accounts can, by default, access the underlying operating system via expert mode. - On systems with default configurations, attackers gain no advantage from this vulnerability, as all command execution capabilities are already accessible through legitimate means. - For deployments that prevent administrator access to expert mode (e.g., multi-instance deployments or systems configured with the system lock-sensor command), attackers can exploit this vulnerability to regain access to the expert mode command prompt. 7. Workarounds: - No workarounds are available. 8. Related Resources: - Cisco Software Checker tool to determine if devices are exposed to vulnerabilities in Cisco ASA, FMC, and FTD software. - Cisco ASA Compatibility Documentation, Cisco Secure Firewall ASA Upgrade Guide, and Cisco Secure Firewall Threat Defense Compatibility Guide. 9. Source: - Thanks to Kentaro Kawane of GMO Cybersecurity by ierae for reporting this vulnerability. 10. URL: - Vulnerability details page URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-2HBkA97G 11. Revision History: - Version 1.0: Initial release. 12. Disclaimer: - This document is provided "AS IS" without warranty of any kind, including but not limited to the warranties of merchantability or fitness for a particular purpose. The use of this document or any materials linked to it is at the user’s own risk. Cisco reserves the right to modify or update this document at any time. This information provides a detailed description of the vulnerability, affected products, remediation steps, and related resources.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco FMC Command Injection Vulnerability (CVE-2024-20374) Advisory