Cisco recently addressed a high-severity vulnerability in its Firepower Management Center software with the latest update. The firm urged users to upgrade to the latest software releases to receive the patch, as no workarounds exist to mitigate the flaw.
Cisco Patched The Firepower Management Center Vulnerability
The networking giant Cisco recently fixed a high-severity SQL injection vulnerability in its Cisco Firepower Management Center software. Exploiting the flaw could let an authenticated remote adversary target vulnerable systems.
Firepower Management Center (FMC) is a dedicated administrative center from Cisco, providing users with a unified platform to manage different Cisco security products. This includes seamless management of firewalls, URL filtering, application control, intrusion prevention, and malware protection.
According to its advisory, the vulnerability affected the web-based management interface of the FMC software. The flaw existed due to an improper input validation in the web-based management interface. Consequently, an authenticated attacker could exploit the flaw by sending maliciously crafted SQL queries to the target system.
Exploiting the flaw required the attacker to have Read-Only credentials at the least. Once exploited, the flaw could let the attacker access data in the database, gain root privileges, and execute arbitrary codes on the target system.
This vulnerability received the CVE ID CVE-2024-20360, achieving a high-severity rating and a CVSS score of 8.8. It typically affected Cisco FMC software, and the tech giant confirmed Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software to remain safe from this flaw.
The firm credited the security researcher with the alias SunD0y with reporting the flaw. Cisco also confirmed detecting no active exploitation attempts for this flaw in the wild.
To help users update their systems with the patched FMC releases, Cisco also released a Software Checker tool. Using this tool, users may search for the latest Cisco advisories addressing any security flaws with the latest releases.
Let us know your thoughts in the comments.
