VDB
CVE-2024-20424
CVE-2024-20424
PUBLISHED
Es bestehen mehrere Schwachstellen im Cisco Secure Firewall Management Center. Diese Fehler betreffen die Cluster-Backup-Funktion und die webbasierte Verwaltungsschnittstelle aufgrund einer unzureichenden Eingabevalidierung bestimmter HTTP-Anfragen und Benutzerdaten. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, sogar mit Root-Rechten. Um die Schwachstellen auszunutzen, muss der Angreifer über eine bestimmte Rolle oder erhöhte Rechte verfügen. Eine der Schwachstellen erfordert eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden, muss der Angreifer einen legitimen Benutzer überzeugen, ein Cluster-Backup zu initiieren.
EPSS 1.37% · 80.5th percentile
Risk Scores
EPSS Score
1.37%
80.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Secure Firewall Management Center |
Timeline
- Oct 23, 2024 CVE Published
- Oct 24, 2024 EPSS Score
- Oct 24, 2024 Coalition ESS Score
- Oct 24, 2024 PoC Published
- Oct 24, 2024 PoC Published
- Oct 25, 2024 Coalition ESS Score
- Oct 26, 2024 CVE Updated
- Nov 5, 2024 Coalition ESS Score
- Nov 7, 2024 Coalition ESS Score
- Nov 11, 2024 EPSS Score
- Nov 30, 2024 EPSS Score
- Dec 19, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3267.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3267 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-2HBkA97G advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-g8AOKnDP advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-nfJeYHxz advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-priv-esc-CMQ4S6m7 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inject-2EnmTC8v advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inj-LOYAFcfq advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs advisory