#VU99292 OS Command Injection in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2024-20424
Vulnerability identifier: #VU99292
Vulnerability risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID:
CWE-ID:
CWE-78
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)
Client/Desktop applications /
Antivirus software/Personal firewalls
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote user with at least the role of Security Analyst (Read Only) can send a specially crafted HTTP request to the affected device and execute arbitrary OS commands on the target system with root privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC): 6.4.0 - 6.4.0.17, 6.5.0 - 6.5.2.0, 6.6.0 - 6.6.7, 6.7.0 - 6.7.0.3, 7.0.0 - 7.0.6.2, 7.1 - 7.1.1, 7.2.0 - 7.2.7, 7.3.0 - 7.3.1.2, 7.4.0 - 7.4.1.1
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj68540
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
