CVE-2024-20374

Name of the Vulnerable Software and Affected Versions Cisco Secure Firewall Management Center (FMC) Software versions (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This issue is due to insufficient input validation of certain HTTP request parameters sent to the web-based management interface. An attacker could exploit this by authenticating to the interface and sending a crafted HTTP request to an affected device, potentially allowing the execution of commands as the root user.

Recommendations To resolve this issue, update the Cisco Secure Firewall Management Center (FMC) Software to a version that includes the fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.