CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-20424

CVSS 9.9v3.1pub. 2024-10-23upd. 2024-11-01

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sending a crafted HTTP request to the device. A successful exploit could allow the attacker to execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit this vulnerability, the attacker would need valid credentials for a user account with at least the role of Security Analyst (Read Only).

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation of input data in specific HTTP requests directed to the management interface. An attacker, after authenticating in the web interface, sends a crafted HTTP request to the vulnerable device. The command injection mechanism allows injection and execution of arbitrary system commands. The scope of the attack extends beyond the FMC server itself — it is also possible to execute commands on managed Cisco Firepower Threat Defense (FTD) devices.

Impact

An attacker can gain full control of the Cisco FMC device operating system with root privileges, and also execute commands on connected Cisco FTD devices. This results in complete compromise of the firewall infrastructure, including the ability to read and modify network security configurations.

Mitigation & patch

Apply patches available from the vendor according to references: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7. It is also recommended to restrict access to the FMC web interface exclusively to trusted IP addresses and to review assigned user roles, including accounts with the Security Analyst (Read Only) role.

Who is affected

Cisco Secure Firewall Management Center (FMC) Software (formerly Firepower Management Center Software) — specific versions indicated in vendor references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Cisco Secure Firewall Management Center

    APP
    Cisco
    6.2.36.2.3.16.2.3.106.2.3.116.2.3.126.2.3.136.2.3.146.2.3.156.2.3.166.2.3.176.2.3.186.2.3.26.2.3.36.2.3.46.2.3.5+ 77 więcej
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
FirewallCommand Injection
CWE
References

Related vulnerabilities

CVE-2026-20131CRITICAL10.0⚠ KEVPL ✓ten sam produkt

RCE przez insecure deserialization w Cisco Secure Firewall Management Center

CVE-2025-20265CRITICAL10.0PL ✓ten sam produkt

RCE przez RADIUS w Cisco Secure Firewall Management Center

CVE-2023-20048CRITICAL9.9ten sam produkt

A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow ...

CVE-2019-16028CRITICAL9.8ten sam produkt

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow a...

CVE-2020-3318CRITICAL9.8ten sam produkt

Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent So...