CVE-2024-20379

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20379
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.0:*:*:*:*:*:*:*
History

26 Nov 2024, 16:09

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*		 cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1:*:*:*:*:*:*:*
First Time Cisco secure Firewall Management Center

01 Nov 2024, 18:02

Type Values Removed Values Added
First Time Cisco firepower Management Center
Cisco
CWE CWE-22
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn - Vendor Advisory
CPE cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5

23 Oct 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-23 18:15

Updated : 2024-11-26 16:09

NVD link : CVE-2024-20379

Mitre link : CVE-2024-20379

JSON object : View

Products Affected

cisco

  • firepower_management_center
  • secure_firewall_management_center
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')