PT-2024-9445 · Cisco · Cisco Secure Firewall Management Center

Published: 2024-10-23 · Updated: 2026-03-04 · CVE-2024-20340

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (formerly Cisco Firepower Management Center), versions not specified
Description: The issue is related to insufficient validation of user-supplied input, allowing an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this, an attacker must have a valid account on the device with a specific role, such as Security Approver, Intrusion Admin, Access Admin, or Network Admin. The attacker could exploit this by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and obtain limited read access to the underlying operating system.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2024-11140
CVE-2024-20340

Affected Products

Cisco Secure Firewall Management Center