CVE-2024-20379
Essential information
- Published
- 23/10/2024 18:15
- Modified
- 01/11/2024 18:02
- Author
- —
- Creator
- —
- CVSS
- 6.5 MEDIUM (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- LOW
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- NONE
- Availability impact
- NONE
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.
NVD status
- Status
- Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| cisco / firepower management center | cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:* |
| cisco / firepower management center | cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:* |
| cisco / firepower management center | cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:* |
| cisco / firepower management center | cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:* |
| cisco / firepower management center | cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:* |
| cisco / firepower management center | cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:* |
| cisco / firepower management center | cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:* |