Plattform
cisco
Komponente
cisco-secure-firewall-management-center
Behoben in
6.7.1
6.7.1
6.7.1
6.7.1
7.0.1
7.0.1
7.0.2
7.0.2
7.0.3
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7
7.0.7
7.0.7
7.1.1
7.1.1
7.1.1
7.1.1
7.2.1
7.2.2
7.2.3
7.2.1
7.2.4
7.2.4
7.2.5
7.2.5
7.2.6
7.2.6
7.2.7
7.2.8
7.2.6
7.2.9
7.2.9
7.3.1
7.3.2
7.3.2
7.3.2
7.4.1
7.4.2
7.4.2
CVE-2024-20374 describes a remote code execution (RCE) vulnerability affecting Cisco Secure Firewall Management Center (FMC) versions 6.7.0 through 7.4.1.1. An authenticated administrator could exploit this flaw to execute arbitrary commands on the underlying operating system. The vulnerability arises from insufficient input validation of HTTP request parameters within the web-based management interface. Cisco has released a patch in version 7.4.2.
Successful exploitation of CVE-2024-20374 allows an authenticated administrator to gain complete control over the affected Cisco Secure Firewall Management Center instance. This includes the ability to execute arbitrary system commands, potentially leading to data breaches, system compromise, and lateral movement within the network. An attacker could install malware, steal sensitive configuration data, or disrupt network operations. The impact is particularly severe given the central role of the FMC in managing and monitoring network security devices, making it a high-value target for attackers.
This vulnerability is publicly known and documented by Cisco. While no active exploitation campaigns have been confirmed publicly, the availability of a remote code execution vulnerability with administrative privileges makes it a high-priority target. The vulnerability was disclosed on 2024-10-23. Its inclusion in the Cisco security advisory suggests a potential for exploitation and warrants immediate attention.
Organizations heavily reliant on Cisco Secure Firewall Management Center for network security management are at significant risk. This includes large enterprises, government agencies, and managed service providers. Deployments with legacy configurations or those lacking robust access controls are particularly vulnerable. Shared hosting environments where multiple customers share a single FMC instance also face increased risk.
• linux / server:
journalctl -u firepowermgmt -f | grep -i "error" -i "exception"• generic web:
curl -I <fmc_ip>/ui/ # Check for unusual HTTP headers or responses• cisco: Review Cisco FMC logs for unusual HTTP requests containing suspicious parameters. Look for patterns indicative of command injection attempts. • cisco: Use Cisco's security monitoring tools to detect unauthorized access attempts to the FMC web interface. • cisco: Monitor network traffic to and from the FMC for suspicious outbound connections.
disclosure
Exploit-Status
EPSS
0.08% (24% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-20374 is to upgrade to Cisco Secure Firewall Management Center version 7.4.2 or later. Prior to upgrading, it is crucial to review Cisco's release notes for any potential compatibility issues or breaking changes. If an immediate upgrade is not feasible, consider implementing strict input validation on HTTP requests to the FMC web interface as a temporary workaround, although this is complex and may impact legitimate functionality. Monitor network traffic for suspicious activity and unusual command execution patterns.
Actualice el software Cisco Secure Firewall Management Center a una versión no afectada. Consulte el advisory de Cisco para obtener detalles sobre las versiones corregidas y las instrucciones de actualización. Se recomienda aplicar la actualización lo antes posible para mitigar el riesgo de ejecución remota de comandos.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-20374 is a remote code execution vulnerability in Cisco Secure Firewall Management Center allowing authenticated admins to execute commands. It affects versions 6.7.0–7.4.1.1.
You are affected if you are running Cisco Secure Firewall Management Center versions 6.7.0 through 7.4.1.1 and have not upgraded.
Upgrade to Cisco Secure Firewall Management Center version 7.4.2 or later to resolve the vulnerability. Consider temporary workarounds if immediate upgrade is not possible.
While no public exploits are currently known, the RCE nature of the vulnerability suggests a high probability of exploitation.
Refer to the official Cisco Security Advisory for CVE-2024-20374 on the Cisco website (search for 'Cisco Security Advisory CVE-2024-20374').
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.