Cisco FMC CVE-2024-20424 Command Injection Vulnerability Advisory

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Cisco Secure Firewall Management Center Software Command Injection Vulnerability - Vulnerability ID: cisco-sa-fmc-cmd-inj-v3AWDqN7 - CVE Number: CVE-2024-20424 - CVSS Score: Base 9.9 2. Affected Products: - Cisco Secure Firewall Management Center (FMC) Software, also known as Firepower Management Center Software. 3. Vulnerability Impact: - Remote attackers can exploit this vulnerability by authenticating to the web management interface of the affected device and sending a crafted HTTP request. - Successful exploitation allows attackers to execute arbitrary commands with root privileges, including on the Cisco FMC device itself or on managed Cisco Firepower Threat Defense (FTD) devices. - To exploit this vulnerability, attackers require valid credentials, at least a user account with the Security Analyst (Read Only) role. 4. Remediation: - Cisco has released software updates to address this vulnerability. - No workarounds are available to mitigate this vulnerability. 5. Affected Product List: - Adaptive Security Appliance (ASA) Software - FTD Software - Next-Generation Intrusion Prevention System (NGIPS) 6. Workarounds: - No workarounds are available to mitigate this vulnerability. 7. Affected Product List: - Cisco ASA, FMC, and FTD Software 8. Exploitation and Public Announcements: - The vulnerability was discovered during internal security testing. There are currently no known public announcements or malicious exploits. 9. Source: - The vulnerability was discovered during internal security testing. 10. URL: - Detailed information page: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7 11. Revision History: - Version 1.0: Initial public release, status is Final, published on October 23, 2024. This information provides a detailed description of the vulnerability, affected products, remediation steps, and source details.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco FMC CVE-2024-20424 Command Injection Vulnerability Advisory