CVE-2024-20424

Name of the Vulnerable Software and Affected Versions Cisco Secure Firewall Management Center (FMC) Software versions (affected versions not specified)

Description The issue is related to insufficient input validation of certain HTTP requests in the web-based management interface. This could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. The attacker would need valid credentials for a user account with at least the role of Security Analyst (Read Only) to exploit this vulnerability. By sending a crafted HTTP request to the device after authenticating to the web-based management interface, a successful exploit could allow the attacker to execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.