CVE-2024-20471

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (FMC) Software (affected versions not specified)

Description: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This issue exists due to inadequate validation of user input. An attacker could exploit this by authenticating as an Administrator and sending crafted SQL queries to an affected system, potentially obtaining unauthorized data from the database and making changes to the system. The attacker would need Administrator-level privileges to exploit this vulnerability.

Recommendations: To resolve this issue, update the Cisco Secure Firewall Management Center (FMC) Software to a version that includes the necessary security patches. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Restrict Administrator-level privileges to only those who require them, to reduce the potential attack surface.