
WARNING: CISCO FIXED MULTIPLE VULNERABILITIES IN CISCO FIREPOWER MANAGEMENT CENTER SOFTWARE, PATCH IMMEDIATELY!

Reference: Advisory #2024-73
Version: 1.0
Affected software: Cisco Firepower Management Center Software
Type: SQL injection vulnerability
CVE/CVSS: CVE-2024-20360 CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)


Sources

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

Risks

Cisco addressed multiple vulnerabilities, one of which affects the Cisco Firepower Management Center Software. Successful exploitation would allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

The impact on the Confidentiality, Integrity and Availability is High.


Description

An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system.

Successful exploitation could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root.

To exploit this vulnerability, an attacker would need at least Read Only user credentials.

Cisco also disclosed several other vulnerabilities that, while less critical, are still noteworthy.

  • CVE-2024-20363: Multiple Cisco Products, Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability
  • CVE-2024-2026: Cisco Firepower Threat Defense Software, Encrypted Archive File Policy Bypass Vulnerability
  • CVE-2024-20361: Cisco Firepower Management Center Software, Object Group Access Control List Bypass Vulnerability
  • CVE-2024-20355: Cisco Adaptive Security Appliance and Firepower Threat Defense Software, Authorization Bypass Vulnerability
  • CVE-2024-20293: Cisco Adaptive Security Appliance and Firepower Threat Defense Software, Inactive-to-Active ACL Bypass Vulnerability

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, so that they can respond swiftly in case of an intrusion. In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.