CVE-2024-20472

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (FMC) Software (affected versions not specified)

Description: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This issue exists due to inadequate validation of user input. An attacker could exploit this by authenticating as an Administrator and sending crafted SQL queries to an affected system, potentially obtaining unauthorized data from the database and making changes to the system. The attacker would need Administrator-level privileges to exploit this vulnerability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.