Cisco reports high-severity flaw affecting Firepower Management Center
Take action: This is not a panic-mode patch. The attacker still needs valid FMC credentials (a Read Only account is enough) and network access to the web-based management interface, so an unauthenticated attacker on the internet cannot exploit it directly. If you are using Cisco Firepower Management Center, make sure the management interface is isolated and reachable only from trusted networks, review who holds even low-privilege accounts on it, and then plan for the patch in the regular patch cycle.
Learn More
Cisco has patched a high-severity SQL injection vulnerability in the web-based management interface of its Firepower Management Center (FMC) Software.
The flaw, tracked as CVE-2024-20360 (CVSS score 8.8), could allow an attacker with at least Read Only user credentials to compromise affected systems. According to Cisco's advisory, a successful exploit could let the attacker read any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root.
The vulnerability exists because the web-based management interface of the FMC Software does not sufficiently validate user-supplied input before it reaches the database. An authenticated, remote attacker with at least Read Only user credentials could exploit this flaw by logging in to the application and sending crafted input that is interpreted as SQL by the affected system.
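To make the class of bug concrete, here is an added example (not FMC's code; the schema, table names, the search endpoint and the payload are all constructed for this illustration). A search helper that a low-privilege role is allowed to call builds its query by string concatenation, so a "Read Only" caller can append a UNION and pull rows from a table the role was never meant to see. The hardened version binds the input as a parameter, and an allowlist check on the filter gives a second layer of input validation.

```python
import re
import sqlite3

# Constructed demo database. The "users" table stands in for anything a
# Read Only role must never read; it is not the real FMC schema.
def build_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE devices (id INTEGER PRIMARY KEY, name TEXT, mgmt_ip TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
                            password_hash TEXT, role TEXT);
        INSERT INTO devices VALUES (1, 'ftd-edge-01', '10.0.0.11'),
                                   (2, 'ftd-core-01', '10.0.0.12');
        INSERT INTO users VALUES (1, 'admin',   '$6$demo$fakehash',  'Administrator'),
                                 (2, 'auditor', '$6$demo$otherhash', 'Read Only');
    """)
    return conn


def search_devices_vulnerable(conn: sqlite3.Connection, name_filter: str) -> list:
    # Vulnerable pattern: caller input is spliced into the SQL text, so the
    # database parser sees whatever grammar the caller chose to send.
    sql = ("SELECT id, name, mgmt_ip FROM devices WHERE name LIKE '%"
           + name_filter + "%'")
    return conn.execute(sql).fetchall()


# Hypothetical allowlist for device-name filters: letters, digits, dot, dash,
# underscore. Quotes, spaces and comment sequences are rejected outright.
_NAME_FILTER_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def is_valid_name_filter(name_filter: str) -> bool:
    return _NAME_FILTER_RE.fullmatch(name_filter) is not None


def search_devices_fixed(conn: sqlite3.Connection, name_filter: str) -> list:
    # Hardened pattern: the input is bound as a parameter, so it can only ever
    # be compared as a value and is never parsed as SQL. Parameter binding is
    # the fix; the allowlist is defence in depth, not a substitute for it.
    if not is_valid_name_filter(name_filter):
        raise ValueError("invalid device name filter")
    sql = "SELECT id, name, mgmt_ip FROM devices WHERE name LIKE ?"
    return conn.execute(sql, ("%" + name_filter + "%",)).fetchall()


# Constructed payload: closes the LIKE literal, appends a UNION that has the
# same column count as the original SELECT, and comments out the trailing "%'".
PAYLOAD = "x%' UNION SELECT id, username, password_hash FROM users --"


def demo() -> dict:
    conn = build_demo_db()
    results = {
        "normal_vulnerable": search_devices_vulnerable(conn, "edge"),
        "normal_fixed": search_devices_fixed(conn, "edge"),
        # The same benign-looking call, but with the injection payload.
        "payload_vulnerable": sorted(search_devices_vulnerable(conn, PAYLOAD)),
    }
    try:
        search_devices_fixed(conn, PAYLOAD)
        results["payload_fixed"] = "accepted"
    except ValueError:
        results["payload_fixed"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it and the vulnerable search returns the contents of the users table, including password hashes, to a caller who only asked to filter device names; the parameterised search returns nothing for the same payload because it is compared literally, and the allowlist rejects it before the query is even built. The same reasoning is why Cisco's "at least Read Only" qualifier matters: the role limits what the application intends to expose, not what the database will execute.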
Cisco has released a software update and states that there are no workarounds. Users of the Firepower Management Center Software should apply the fixed release to mitigate the risk; until then, restricting who can reach the management interface, and who holds accounts on it, is the only available compensating control.
Cisco has confirmed that this issue does not affect Adaptive Security Appliance (ASA) Software or Firepower Threat Defense (FTD) Software.