A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cisco secure Firewall Management Center
|
|
CPEs | cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:* |
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1:*:*:*:*:*:*:* |
Vendors & Products |
Cisco secure Firewall Management Center
|
Fri, 01 Nov 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cisco
Cisco firepower Management Center |
|
Weaknesses | CWE-22 | |
CPEs | cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:* |
|
Vendors & Products |
Cisco
Cisco firepower Management Center |
Wed, 23 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 23 Oct 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability. | |
Weaknesses | CWE-36 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-10-23T17:30:52.502Z
Updated: 2024-10-23T19:40:09.040Z
Reserved: 2023-11-08T15:08:07.656Z
Link: CVE-2024-20379
Vulnrichment
Updated: 2024-10-23T18:46:42.003Z
NVD
Status : Analyzed
Published: 2024-10-23T18:15:06.553
Modified: 2024-11-26T16:09:02.407
Link: CVE-2024-20379
Redhat
No data.