CVE-2024-20482

EPSS 0.07%
Published 23.10.2024 18:15:12
Last modified 01.11.2024 19:49:21
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must have a valid account on the device that is configured with a custom read-only role.

 This vulnerability is due to insufficient validation of role permissions in part of the web-based management interface. An attacker could exploit this vulnerability by performing a write operation on the affected part of the web-based management interface. A successful exploit could allow the attacker to modify certain parts of the configuration.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Secure Firewall Management Center Version7.2.0

Cisco ≫ Secure Firewall Management Center Version7.2.0.1

Cisco ≫ Secure Firewall Management Center Version7.2.1

Cisco ≫ Secure Firewall Management Center Version7.2.2

Cisco ≫ Secure Firewall Management Center Version7.2.3

Cisco ≫ Secure Firewall Management Center Version7.2.3.1

Cisco ≫ Secure Firewall Management Center Version7.2.4

Cisco ≫ Secure Firewall Management Center Version7.2.4.1

Cisco ≫ Secure Firewall Management Center Version7.2.5

Cisco ≫ Secure Firewall Management Center Version7.2.5.1

Cisco ≫ Secure Firewall Management Center Version7.2.5.2

Cisco ≫ Secure Firewall Management Center Version7.2.6

Cisco ≫ Secure Firewall Management Center Version7.2.7

Cisco ≫ Secure Firewall Management Center Version7.2.8

Cisco ≫ Secure Firewall Management Center Version7.2.8.1

Cisco ≫ Secure Firewall Management Center Version7.3.0

Cisco ≫ Secure Firewall Management Center Version7.3.1

Cisco ≫ Secure Firewall Management Center Version7.3.1.1

Cisco ≫ Secure Firewall Management Center Version7.3.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.211

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
psirt@cisco.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-priv-esc-CMQ4S6m7

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-20482

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20482

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20482

EUVD