CVE-2024-20275

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (FMC) Software versions (affected versions not specified)

Description: A vulnerability in the cluster backup feature could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This issue is due to insufficient validation of user data supplied through the web-based management interface. An attacker could exploit this by sending a crafted HTTP request to an affected device, allowing them to execute arbitrary operating system commands. The attacker would need valid credentials for a user account with at least the role of Network Administrator and would also need to persuade a legitimate user to initiate a cluster backup on the affected device.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.