5.3

CVE-2024-20388

EPSS 0.11%
Veröffentlicht 23.10.2024 18:15:07
Zuletzt bearbeitet 26.11.2024 16:09:02
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.

 This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Firepower Management Center Version6.4.0.17

Cisco ≫ Firepower Management Center Version6.4.0.18

Cisco ≫ Firepower Management Center Version6.6.7.2

Cisco ≫ Firepower Management Center Version7.0.6.1

Cisco ≫ Firepower Management Center Version7.0.6.2

Cisco ≫ Firepower Management Center Version7.2.5.1

Cisco ≫ Firepower Management Center Version7.2.5.2

Cisco ≫ Firepower Management Center Version7.2.6

Cisco ≫ Firepower Management Center Version7.2.7

Cisco ≫ Firepower Management Center Version7.2.8

Cisco ≫ Firepower Management Center Version7.2.8.1

Cisco ≫ Firepower Management Center Version7.4.0

Cisco ≫ Firepower Management Center Version7.4.1

Cisco ≫ Firepower Management Center Version7.4.1.1

Cisco ≫ Secure Firewall Management Center Version6.2.3

Cisco ≫ Secure Firewall Management Center Version6.2.3.1

Cisco ≫ Secure Firewall Management Center Version6.2.3.2

Cisco ≫ Secure Firewall Management Center Version6.2.3.3

Cisco ≫ Secure Firewall Management Center Version6.2.3.4

Cisco ≫ Secure Firewall Management Center Version6.2.3.5

Cisco ≫ Secure Firewall Management Center Version6.2.3.6

Cisco ≫ Secure Firewall Management Center Version6.2.3.7

Cisco ≫ Secure Firewall Management Center Version6.2.3.8

Cisco ≫ Secure Firewall Management Center Version6.2.3.9

Cisco ≫ Secure Firewall Management Center Version6.2.3.10

Cisco ≫ Secure Firewall Management Center Version6.2.3.11

Cisco ≫ Secure Firewall Management Center Version6.2.3.12

Cisco ≫ Secure Firewall Management Center Version6.2.3.13

Cisco ≫ Secure Firewall Management Center Version6.2.3.14

Cisco ≫ Secure Firewall Management Center Version6.2.3.15

Cisco ≫ Secure Firewall Management Center Version6.2.3.16

Cisco ≫ Secure Firewall Management Center Version6.2.3.17

Cisco ≫ Secure Firewall Management Center Version6.2.3.18

Cisco ≫ Secure Firewall Management Center Version6.4.0

Cisco ≫ Secure Firewall Management Center Version6.4.0.1

Cisco ≫ Secure Firewall Management Center Version6.4.0.2

Cisco ≫ Secure Firewall Management Center Version6.4.0.3

Cisco ≫ Secure Firewall Management Center Version6.4.0.4

Cisco ≫ Secure Firewall Management Center Version6.4.0.5

Cisco ≫ Secure Firewall Management Center Version6.4.0.6

Cisco ≫ Secure Firewall Management Center Version6.4.0.7

Cisco ≫ Secure Firewall Management Center Version6.4.0.8

Cisco ≫ Secure Firewall Management Center Version6.4.0.9

Cisco ≫ Secure Firewall Management Center Version6.4.0.10

Cisco ≫ Secure Firewall Management Center Version6.4.0.11

Cisco ≫ Secure Firewall Management Center Version6.4.0.12

Cisco ≫ Secure Firewall Management Center Version6.4.0.13

Cisco ≫ Secure Firewall Management Center Version6.4.0.14

Cisco ≫ Secure Firewall Management Center Version6.4.0.15

Cisco ≫ Secure Firewall Management Center Version6.4.0.16

Cisco ≫ Secure Firewall Management Center Version6.6.0

Cisco ≫ Secure Firewall Management Center Version6.6.0.1

Cisco ≫ Secure Firewall Management Center Version6.6.1

Cisco ≫ Secure Firewall Management Center Version6.6.3

Cisco ≫ Secure Firewall Management Center Version6.6.4

Cisco ≫ Secure Firewall Management Center Version6.6.5

Cisco ≫ Secure Firewall Management Center Version6.6.5.1

Cisco ≫ Secure Firewall Management Center Version6.6.5.2

Cisco ≫ Secure Firewall Management Center Version6.6.7

Cisco ≫ Secure Firewall Management Center Version6.6.7.1

Cisco ≫ Secure Firewall Management Center Version6.7.0

Cisco ≫ Secure Firewall Management Center Version6.7.0.1

Cisco ≫ Secure Firewall Management Center Version6.7.0.2

Cisco ≫ Secure Firewall Management Center Version6.7.0.3

Cisco ≫ Secure Firewall Management Center Version7.0.0

Cisco ≫ Secure Firewall Management Center Version7.0.0.1

Cisco ≫ Secure Firewall Management Center Version7.0.1

Cisco ≫ Secure Firewall Management Center Version7.0.1.1

Cisco ≫ Secure Firewall Management Center Version7.0.2

Cisco ≫ Secure Firewall Management Center Version7.0.2.1

Cisco ≫ Secure Firewall Management Center Version7.0.3

Cisco ≫ Secure Firewall Management Center Version7.0.4

Cisco ≫ Secure Firewall Management Center Version7.0.5

Cisco ≫ Secure Firewall Management Center Version7.0.6

Cisco ≫ Secure Firewall Management Center Version7.1.0

Cisco ≫ Secure Firewall Management Center Version7.1.0.1

Cisco ≫ Secure Firewall Management Center Version7.1.0.2

Cisco ≫ Secure Firewall Management Center Version7.1.0.3

Cisco ≫ Secure Firewall Management Center Version7.2.0

Cisco ≫ Secure Firewall Management Center Version7.2.0.1

Cisco ≫ Secure Firewall Management Center Version7.2.1

Cisco ≫ Secure Firewall Management Center Version7.2.2

Cisco ≫ Secure Firewall Management Center Version7.2.3

Cisco ≫ Secure Firewall Management Center Version7.2.3.1

Cisco ≫ Secure Firewall Management Center Version7.2.4

Cisco ≫ Secure Firewall Management Center Version7.2.4.1

Cisco ≫ Secure Firewall Management Center Version7.2.5

Cisco ≫ Secure Firewall Management Center Version7.3.0

Cisco ≫ Secure Firewall Management Center Version7.3.1

Cisco ≫ Secure Firewall Management Center Version7.3.1.1

Cisco ≫ Secure Firewall Management Center Version7.3.1.2

Cisco ≫ Firepower Threat Defense Version6.4.0.4

Cisco ≫ Firepower Threat Defense Version6.4.0.10

Cisco ≫ Firepower Threat Defense Version6.4.0.12

Cisco ≫ Firepower Threat Defense Version6.4.0.14

Cisco ≫ Firepower Threat Defense Version6.4.0.16

Cisco ≫ Firepower Threat Defense Version6.4.0.18

Cisco ≫ Firepower Threat Defense Version6.6.5.1

Cisco ≫ Firepower Threat Defense Version6.6.7

Cisco ≫ Firepower Threat Defense Version6.7.0.2

Cisco ≫ Firepower Threat Defense Version7.1.0.1

Cisco ≫ Firepower Threat Defense Version7.1.0.3

Cisco ≫ Firepower Threat Defense Version7.2.2

Cisco ≫ Firepower Threat Defense Version7.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.304

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
psirt@cisco.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-202 Exposure of Sensitive Information Through Data Queries

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-20388

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20388

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20388

EUVD