5.4
CVE-2024-20387
- EPSS 0.08%
- Published 23.10.2024 18:15:07
- Last modified 26.11.2024 16:09:02
- Source psirt@cisco.com
A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Firepower Management Center Version 6.4.0.17
Cisco ≫ Firepower Management Center Version 6.4.0.18
Cisco ≫ Firepower Management Center Version 6.6.7.2
Cisco ≫ Firepower Management Center Version 7.0.6.1
Cisco ≫ Firepower Management Center Version 7.0.6.2
Cisco ≫ Firepower Management Center Version 7.2.5.1
Cisco ≫ Firepower Management Center Version 7.2.5.2
Cisco ≫ Firepower Management Center Version 7.2.6
Cisco ≫ Firepower Management Center Version 7.2.7
Cisco ≫ Firepower Management Center Version 7.2.8
Cisco ≫ Firepower Management Center Version 7.2.8.1
Cisco ≫ Firepower Management Center Version 7.4.0
Cisco ≫ Firepower Management Center Version 7.4.1
Cisco ≫ Firepower Management Center Version 7.4.1.1
Cisco ≫ Secure Firewall Management Center Version 6.2.3.17
Cisco ≫ Secure Firewall Management Center Version 6.2.3.18
Cisco ≫ Secure Firewall Management Center Version 6.4.0.13
Cisco ≫ Secure Firewall Management Center Version 6.4.0.14
Cisco ≫ Secure Firewall Management Center Version 6.4.0.15
Cisco ≫ Secure Firewall Management Center Version 6.4.0.16
Cisco ≫ Secure Firewall Management Center Version 6.6.0
Cisco ≫ Secure Firewall Management Center Version 6.6.0.1
Cisco ≫ Secure Firewall Management Center Version 6.6.1
Cisco ≫ Secure Firewall Management Center Version 6.6.3
Cisco ≫ Secure Firewall Management Center Version 6.6.4
Cisco ≫ Secure Firewall Management Center Version 6.6.5
Cisco ≫ Secure Firewall Management Center Version 6.6.5.1
Cisco ≫ Secure Firewall Management Center Version 6.6.5.2
Cisco ≫ Secure Firewall Management Center Version 6.6.7
Cisco ≫ Secure Firewall Management Center Version 6.6.7.1
Cisco ≫ Secure Firewall Management Center Version 7.0.6
Cisco ≫ Secure Firewall Management Center Version 7.2.4
Cisco ≫ Secure Firewall Management Center Version 7.2.4.1
Cisco ≫ Secure Firewall Management Center Version 7.2.5
Cisco ≫ Secure Firewall Management Center Version 7.3.0
Cisco ≫ Secure Firewall Management Center Version 7.3.1
Cisco ≫ Secure Firewall Management Center Version 7.3.1.1
Cisco ≫ Secure Firewall Management Center Version 7.3.1.2
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.08% | 0.238 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
psirt@cisco.com | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.