प्लेटफ़ॉर्म
cisco
घटक
cisco-secure-firewall-management-center
में ठीक किया गया
6.7.1
6.7.1
6.7.1
6.7.1
7.0.1
7.0.1
7.0.2
7.0.2
7.0.3
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7
7.0.7
7.0.7
7.1.1
7.1.1
7.1.1
7.1.1
7.2.1
7.2.2
7.2.3
7.2.1
7.2.4
7.2.4
7.2.5
7.2.5
7.2.6
7.2.6
7.2.7
7.2.8
7.2.6
7.2.9
7.2.9
7.3.1
7.3.2
7.3.2
7.3.2
7.4.1
7.4.2
7.4.2
CVE-2024-20374 describes a remote code execution (RCE) vulnerability within the web-based management interface of Cisco Secure Firewall Management Center (FMC). An authenticated attacker with Administrator-level privileges can exploit this flaw to execute arbitrary commands on the underlying operating system. This vulnerability impacts versions 6.7.0 through 7.4.1.1 of the software, and a patch is available in version 7.4.2.
Successful exploitation of CVE-2024-20374 allows an attacker to gain complete control over the affected Cisco Secure Firewall Management Center. This includes the ability to install malware, steal sensitive data, modify firewall configurations, and potentially pivot to other systems on the network. The impact is particularly severe because the vulnerability requires only authenticated administrator access, a privilege often held by a limited number of personnel. A successful breach could lead to a complete compromise of the network infrastructure managed by the FMC, resulting in significant data loss, disruption of services, and reputational damage. The ability to execute arbitrary commands mirrors the impact of other high-profile RCE vulnerabilities, such as those affecting network management appliances.
CVE-2024-20374 was publicly disclosed on October 23, 2024. While no public exploits are currently known, the RCE nature of the vulnerability and the relatively low complexity of exploitation suggest a high probability of exploitation. The EPSS score is likely to be medium or high. It is not currently listed on the CISA KEV catalog, but this could change as the vulnerability gains more attention. Monitor security advisories and threat intelligence feeds for updates.
Organizations heavily reliant on Cisco Secure Firewall Management Center for network security management are at significant risk. This includes large enterprises, government agencies, and managed service providers. Deployments with legacy configurations or those lacking robust access controls are particularly vulnerable. Shared hosting environments where multiple customers share a single FMC instance also face increased risk.
• linux / server:
journalctl -u firepowermgmt -f | grep -i "error" -i "exception"• generic web:
curl -I <fmc_ip>/ui/ # Check for unusual HTTP headers or responses• cisco: Review Cisco FMC logs for unusual HTTP requests containing suspicious parameters. Look for patterns indicative of command injection attempts. • cisco: Use Cisco's security monitoring tools to detect unauthorized access attempts to the FMC web interface. • cisco: Monitor network traffic to and from the FMC for suspicious outbound connections.
disclosure
एक्सप्लॉइट स्थिति
EPSS
0.08% (24% शतमक)
CISA SSVC
CVSS वेक्टर
The primary mitigation for CVE-2024-20374 is to upgrade to Cisco Secure Firewall Management Center version 7.4.2 or later, which contains the fix. If immediate upgrading is not possible, consider implementing temporary workarounds. Segment the FMC network to limit potential lateral movement. Review and restrict user privileges within the FMC to minimize the attack surface. Implement strict input validation on all HTTP requests to the FMC web interface, although this is complex and may not be fully effective. Monitor FMC logs for suspicious activity, particularly unusual command executions or attempts to access restricted resources. After upgrading, verify the fix by attempting to reproduce the vulnerability with a crafted HTTP request and confirming that the request is properly sanitized and rejected.
Actualice el software Cisco Secure Firewall Management Center a una versión no afectada. Consulte el advisory de Cisco para obtener detalles sobre las versiones corregidas y las instrucciones de actualización. Se recomienda aplicar la actualización lo antes posible para mitigar el riesgo de ejecución remota de comandos.
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2024-20374 is a remote code execution vulnerability in Cisco Secure Firewall Management Center allowing authenticated admins to execute commands. It affects versions 6.7.0–7.4.1.1.
You are affected if you are running Cisco Secure Firewall Management Center versions 6.7.0 through 7.4.1.1 and have not upgraded.
Upgrade to Cisco Secure Firewall Management Center version 7.4.2 or later to resolve the vulnerability. Consider temporary workarounds if immediate upgrade is not possible.
While no public exploits are currently known, the RCE nature of the vulnerability suggests a high probability of exploitation.
Refer to the official Cisco Security Advisory for CVE-2024-20374 on the Cisco website (search for 'Cisco Security Advisory CVE-2024-20374').
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।