Fixed serious vulnerability in Cisco Firepower Management Center


Cisco recently addressed a very serious vulnerability in its Firepower Management Center software with the latest update. The company urged users to upgrade to the latest software releases to receive the patch, as no workarounds exist for the flaw.

Cisco has patched the vulnerability in the Firepower Management Center

The networking giant Cisco recently fixed a very serious SQL injection vulnerability in its Cisco Firepower Management Center software. By exploiting the flaw, an authenticated remote adversary can target vulnerable systems.

Firepower Management Center (FMC) is a dedicated Cisco administrative center that provides users with a unified platform for managing various Cisco security products. This includes seamless management of firewalls, URL filtering, application control, intrusion prevention and malware protection.

According to Cisco's advisory, the vulnerability affected the web-based management interface of the FMC software. The error was caused by incorrect input validation in the web-based management interface. As a result, an authenticated attacker could exploit the flaw by sending maliciously crafted SQL queries to the target system.

To exploit the flaw, the attacker would have to have at least read-only credentials. Once exploited, the attacker could access data in the database, gain root privileges, and execute arbitrary code on the target system.
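The flaw class described above, as an added example that is not Cisco's code and is not taken from the advisory: it shows why a role check for a read-only account does not limit what a concatenated query can read, next to the bound-parameter form. The in-memory SQLite schema, the handler names and the sample input are all constructed for illustration.

```python
import sqlite3

# Constructed input: closes the string literal and appends a second SELECT.
CRAFTED = "x' UNION SELECT account, secret FROM admin_secrets --"

def make_db():
    """Constructed sample data: an inventory table and one the UI never exposes."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE devices(name TEXT, site TEXT);
        CREATE TABLE admin_secrets(account TEXT, secret TEXT);
        INSERT INTO devices VALUES ('fw-01', 'berlin'), ('fw-02', 'paris');
        INSERT INTO admin_secrets VALUES ('root', 'constructed-secret');
    """)
    return db

def require_role(session, allowed):
    """Application-level authorisation: runs before the query is built."""
    if session.get("role") not in allowed:
        raise PermissionError("not authorised")

def search_vulnerable(db, session, site):
    require_role(session, {"read-only", "admin"})
    # The filter value is concatenated into the statement, so the database
    # parses it as SQL. The role check above has no say in what runs here.
    sql = "SELECT name, site FROM devices WHERE site = '" + site + "'"
    return db.execute(sql).fetchall()

def valid_site(site):
    """Allow-list validation as defence in depth: short alphanumeric names only."""
    return site.isalnum() and len(site) <= 32

def search_hardened(db, session, site):
    require_role(session, {"read-only", "admin"})
    # Bound parameter: the value is passed separately and is always data.
    return db.execute(
        "SELECT name, site FROM devices WHERE site = ?", (site,)
    ).fetchall()

if __name__ == "__main__":
    db, viewer = make_db(), {"user": "viewer", "role": "read-only"}
    print(search_vulnerable(db, viewer, "berlin"))   # normal use
    print(search_vulnerable(db, viewer, CRAFTED))    # row from admin_secrets
    print(search_hardened(db, viewer, CRAFTED))      # no match
    print(valid_site(CRAFTED))                       # rejected before any query
```

Running the database connection under an account that can read only the tables the interface needs limits the damage further if a concatenated query slips through.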

This vulnerability was assigned the CVE ID CVE-2024-20360 and received a high severity rating with a CVSS score of 8.8. It affects Cisco FMC software, and the tech giant confirmed that Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are not affected by this flaw.

The company credited the security researcher known by the alias SunD0y with reporting the flaw. Cisco also confirmed that no active exploit attempts for this flaw have been detected in the wild.


To help users update their systems with the patched FMC releases, Cisco also has a Software Checker tool. Using this tool, users can search for the latest Cisco advisories that address any security issues in the latest releases.
