Main Vulnerability Database Vulnerabilities #VU89831

#VU89831 Permissions, Privileges, and Access Controls in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2024-20361

Published: May 27, 2024

Vulnerability identifier: #VU89831

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-20361

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass configured access controls.

The vulnerability exists due to the incorrect deployment of the Object Groups for Access Control Lists (ACLs) feature from Cisco FMC Software to managed FTD devices in high-availability setups. A remote attacker can bypass configured access controls and send traffic to devices that are expected to be protected by the affected device.

Remediation

Install updates from vendor's website.

External links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-object-bypass-fTH8tDjq

#VU89831 Permissions, Privileges, and Access Controls in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2024-20361

Description

Remediation

External links

Please verify you're human