CVE-2024-20379

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.

Severity	MEDIUM
CVSS	6.5
CWE	CWE-36
KEV
Published	1 year ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco Nexus Dashboard	cisco-sa-fmc-file-read-5q4mQRn
Cisco Firepower Threat Defense Software	cisco-sa-fmc-file-read-5q4mQRn
Cisco Catalyst PON Series Switches	cisco-sa-fmc-file-read-5q4mQRn
Cisco Adaptive Security Appliance (ASA) Software	cisco-sa-fmc-file-read-5q4mQRn
Cisco Secure Firewall Management Center (FMC) Appliances	cisco-sa-fmc-file-read-5q4mQRn
Cisco Secure Firewall Management Center (FMC)	cisco-sa-fmc-file-read-5q4mQRn