Cisco Firepower : FMC SQL Injection Vulnerability

About the new Vulnerability

  • Vulnerability: CVE-2024-20360
  • Advisory ID: cisco-sa-fmc-sqli-WFFDnNOs

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to carry out SQL injection attacks on an affected system.

This vulnerability exists because the web-based management interface does not properly validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to extract any data from the database, run arbitrary commands on the underlying operating system, and gain root access. To exploit this issue, an attacker would need at least Read Only user credentials.

This issue affects devices running a vulnerable version of Cisco FMC Software, regardless of device configuration.

According to Cisco, there are no workarounds that address this vulnerability.

Full Read: Cisco Firepower Management Center Software SQL Injection Vulnerability
