Cisco Firepower : FMC SQL Injection Vulnerability
About the new Vulnerability
- Vulnerability: CVE-2024-20360
- Advisory ID: cisco-sa-fmc-sqli-WFFDnNOs
An authenticated, remote attacker could exploit a vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software to carry out SQL injection attacks on an affected system.
This vulnerability exists because the web-based management interface does not properly validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to extract any data from the database, run arbitrary commands on the underlying operating system, and gain root access. To exploit this issue, an attacker would need at least Read Only user credentials.
This issue affects devices running a vulnerable version of Cisco FMC Software, regardless of device configuration.
According to Cisco, there are no workarounds that address this vulnerability.
Full Read: Cisco Firepower Management Center Software SQL Injection Vulnerability