CNVD-2024-43204 — Vulnetix

CNVD-2024-43204 PUBLISHED CVSS 4.800000190734863 MEDIUM

Cisco Firepower Management Center（FMC）是美国思科（Cisco）公司的新一代防火墙管理中心软件。 Cisco Firepower Management Center存在跨站脚本漏洞，该漏洞源于Web管理界面对用户提供的输入未进行充分验证，攻击者可利用该漏洞执行任意脚本代码，访问基于浏览器的敏感信息。

Risk Scores

CVSS 3.1

4.800000190734863

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Cisco	Cisco Firepower Management Center	6.2.3.12, 6.2.3.1, 6.2.3.10

Exploit Intelligence

cisco-sa-fmc-xss-dhJxQYZs (circl)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO (circl)
Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication (circl)
CIRCL seen: CVE-2024-20300 (circl-sighting)

Timeline

Oct 23, 2024 CVE Published
Oct 23, 2024 PoC Published

References

cisco-sa-fmc-xss-dhJxQYZs url
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO url
Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication url

Open in Interactive Console →