CNVD-2024-44489 — Vulnetix

CNVD-2024-44489 PUBLISHED CVSS 5.5 MEDIUM

Cisco Secure Firewall Management Center是美国思科（Cisco）公司的一个强大的网络安全管理工具。 Cisco Secure Firewall Management Center存在服务器端请求伪造漏洞，该漏洞源于对用户提供的数据验证不当。攻击者可利用该漏洞更改设备生成的文档的标准布局，从底层操作系统访问任意文件，并执行服务器端请求伪造攻击。

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Cisco	Cisco Firepower Management Center	6.2.3.12, 6.2.3.1, 6.2.3.10

Exploit Intelligence

CIRCL seen: CVE-2024-20274 (circl-sighting)
cisco-sa-fmc-html-inj-nfJeYHxz (circl)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO (circl)
Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication (circl)

Timeline

Oct 23, 2024 CVE Published
Oct 23, 2024 PoC Published
Oct 31, 2024 CVE ID Reserved

References

cisco-sa-fmc-html-inj-nfJeYHxz url
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO url
Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication url

Open in Interactive Console →