Cisco Secure Firewall Management Center Software Command Injection Vulnerability (CVE-2024-20424)

Cisco Firewall Management Center Software is affected by a critical-severity vulnerability tracked as CVE-2024-20424. Successful exploitation may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root.

Cisco mentioned in the advisory that they are unaware of any public exploitation of the vulnerability.

Cisco Firewall Management Center analyzes network vulnerabilities, prioritizes attacks, and recommends protections to support security teams. FMC provides unified firewall management, application control, intrusion prevention, URL filtering, and malware defense. It also offers real-time visibility across networks to manage applications and malware outbreaks.

Vulnerability Description

The vulnerability originates from insufficient input validation of specific HTTP requests. An attacker may exploit this vulnerability by authenticating to an affected device’s web-based management interface and then sending a crafted HTTP request to the device. Upon successful exploitation, an attacker may execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit the vulnerability, an attacker must have valid credentials for a user account with at least the role of Security Analyst (Read Only).

Affected Versions

  • From 6.2.3 prior to 7.0.6.3
  • From 7.1.0 prior to 7.2.9
  • From 7.3.0 prior to 7.4.2.1
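
The ranges above can be turned into an inventory triage check. The following is an added example, not code from Cisco or Qualys; the hostnames, sample versions and the tolerated build-suffix formats are constructed assumptions.

```python
import re

# Ranges as listed on this page: (first affected release, end of range, exclusive).
AFFECTED_RANGES = [("6.2.3", "7.0.6.3"), ("7.1.0", "7.2.9"), ("7.3.0", "7.4.2.1")]

def parse_version(text):
    """Parse '7.2.5', '7.2.5.1' or '7.2.5 (build 208)' into a 4-part tuple."""
    m = re.match(r"\s*(\d+(?:\.\d+)+)", text or "")
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    if len(parts) > 4:
        raise ValueError(f"too many components in {text!r}")
    # Pad so that 7.2.9 and 7.2.9.0 compare equal.
    return tuple(parts + [0] * (4 - len(parts)))

def classify(text):
    """Return (status, end_of_range) for one reported version string."""
    try:
        v = parse_version(text)
    except ValueError:
        return ("unparseable", None)
    for first_affected, range_end in AFFECTED_RANGES:
        if parse_version(first_affected) <= v < parse_version(range_end):
            return ("affected", range_end)
    # Outside every range the page lists; confirm such releases in the advisory.
    return ("not-in-listed-range", None)

def triage(inventory):
    """Classify {host: version} and return rows with affected hosts first."""
    rows = [(host, ver, *classify(ver)) for host, ver in inventory.items()]
    order = {"affected": 0, "unparseable": 1, "not-in-listed-range": 2}
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {
        "fmc-dc1.example": "7.2.5 (build 208)",
        "fmc-dc2.example": "7.2.9",
        "fmc-lab.example": "7.4.2",
        "fmc-dr.example": "7.0.6.3",
        "fmc-old.example": "unknown",
    }
    for host, ver, status, end in triage(sample):
        note = f" (listed range ends at {end})" if end else ""
        print(f"{host:18} {ver:20} {status}{note}")
```

Hosts reported as `unparseable` are sorted ahead of the unaffected ones so that a missing version string is followed up rather than read as safe.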

Mitigation

Cisco has released software updates to address the vulnerability.

Customers can refer to the Cisco Security Advisory (cisco-sa-fmc-cmd-inj-v3AWDqN7) for information about the vulnerability.

Qualys Detection

Qualys customers can scan their devices with QID 317531 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7
