Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-20361 |
CWE-ID | CWE-264 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Cisco Firepower Management Center Client/Desktop applications / Antivirus software/Personal firewalls |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU89831
Risk: Medium
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20361
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass configured access controls.
The vulnerability exists due to the incorrect deployment of the Object Groups for Access Control Lists (ACLs) feature from Cisco FMC Software to managed FTD devices in high-availability setups. A remote attacker can bypass configured access controls and send traffic to devices that are expected to be protected by the affected device.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco Firepower Management Center: 7.1.0 - 7.3.1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.