A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.
History

Tue, 26 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Cisco secure Firewall Management Center
CPEs cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1:*:*:*:*:*:*:*
Vendors & Products Cisco secure Firewall Management Center

Fri, 01 Nov 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco firepower Management Center
Weaknesses CWE-22
CPEs cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*
Vendors & Products Cisco
Cisco firepower Management Center

Wed, 23 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 23 Oct 2024 17:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.
Weaknesses CWE-36
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-10-23T17:30:52.502Z

Updated: 2024-10-23T19:40:09.040Z

Reserved: 2023-11-08T15:08:07.656Z

Link: CVE-2024-20379

cve-icon Vulnrichment

Updated: 2024-10-23T18:46:42.003Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-23T18:15:06.553

Modified: 2024-11-26T16:09:02.407

Link: CVE-2024-20379

cve-icon Redhat

No data.