CVE-2024-20374: RCE in Cisco Secure Firewall Management Center

Successful exploitation of CVE-2024-20374 allows an attacker to gain complete control over the affected Cisco Secure Firewall Management Center. This includes the ability to install malware, steal sensitive data, modify firewall configurations, and potentially pivot to other systems on the network. The impact is particularly severe because the vulnerability requires only authenticated administrator access, a privilege often held by a limited number of personnel. A successful breach could lead to a complete compromise of the network infrastructure managed by the FMC, resulting in significant data loss, disruption of services, and reputational damage. The ability to execute arbitrary commands mirrors the impact of other high-profile RCE vulnerabilities, such as those affecting network management appliances.

1. Reserved2023-11-08
2. Published2024-10-23
3. Modified2024-10-26
4. EPSS updated2026-04-02

The primary mitigation for CVE-2024-20374 is to upgrade to Cisco Secure Firewall Management Center version 7.4.2 or later, which contains the fix. If immediate upgrading is not possible, consider implementing temporary workarounds. Segment the FMC network to limit potential lateral movement. Review and restrict user privileges within the FMC to minimize the attack surface. Implement strict input validation on all HTTP requests to the FMC web interface, although this is complex and may not be fully effective. Monitor FMC logs for suspicious activity, particularly unusual command executions or attempts to access restricted resources. After upgrading, verify the fix by attempting to reproduce the vulnerability with a crafted HTTP request and confirming that the request is properly sanitized and rejected.