VDB
CVE-2024-20379
CVE-2024-20379
PUBLISHED
Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Diese Fehler betreffen die webbasierte Verwaltungsoberfläche und die Kennwortverwaltung aufgrund eines Logikfehlers bei Kennwortaktualisierungen und einer unzureichenden Validierung der vom Benutzer bereitgestellten Eingaben. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, insbesondere um konfigurierte Benutzernamen zu ermitteln und beliebige Dateien auf dem zugrunde liegenden Betriebssystem des betroffenen Geräts zu lesen.
EPSS 0.23% · 46.3th percentile
Risk Scores
EPSS Score
0.23%
46.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Secure Firewall Management Center |
Exploit Intelligence
- cisco-sa-fmc-file-read-5q4mQRn (circl)
Timeline
- Oct 23, 2024 CVE Published
- Oct 24, 2024 EPSS Score
- Oct 24, 2024 Coalition ESS Score
- Oct 25, 2024 Coalition ESS Score
- Nov 7, 2024 Coalition ESS Score
- Nov 11, 2024 EPSS Score
- Nov 30, 2024 EPSS Score
- Dec 19, 2024 EPSS Score
- Dec 25, 2024 Coalition ESS Score
- Jan 6, 2025 EPSS Score
- Jan 25, 2025 EPSS Score
- Feb 12, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3267.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3267 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-2HBkA97G advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-g8AOKnDP advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-nfJeYHxz advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-priv-esc-CMQ4S6m7 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inject-2EnmTC8v advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inj-LOYAFcfq advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs advisory