CVE-2024-20377

Published Oct 23, 2024

Last updated 16 days ago

CVSS medium 5.4

Overview

Description: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to the web-based management interface not properly validating user-supplied input. An attacker could exploit this vulnerability by by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
ykramarz@cisco.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FEE4092-0EAD-48DA-92EB-82DD4EB43E49"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B8DF2E2-848A-4616-AEF0-1EFE68A900C1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "387E34BD-913B-4CB7-9230-81B283E92A9B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFE8B3DC-9865-4845-B989-FB41D6FE085E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC98B2C9-2F78-4DB5-97D7-78D584CEBE87"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44CEED06-6E18-4961-BD69-8BF3E7A6D59C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D815D562-D60A-4AD1-9243-8167B244882E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA91AC4A-77D5-4C41-BD63-4E8F3BA4FF84"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5808D1C-6D6E-403D-8904-147B66B50385"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD9A750B-7C84-484C-94F3-FB66EF6296E6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62950A6C-8467-4215-BCD1-010B8C491714"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D97494F-BA89-4E95-A01F-C2CE02505A27"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD46B42A-B445-4397-ACD9-FB179B155A34"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21D28D33-2B3C-4695-9137-7C4AC6BA2D7D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DCA8FE8-D0BC-4B6C-8E15-0DC5D0EF515F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62213974-B025-4A76-87CD-025C84389A2B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A876A2A0-0973-481C-A63A-1A5761015308"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6671431-4FE3-4D7D-9F46-445A1A6B7EEF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2757987-7648-4BE1-AE91-99F1FC95C8C5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "841C3C05-7289-46CC-A610-5A5BFC81FD42"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91599B30-27D5-450A-A565-A65BF940C30C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71802FFD-A173-4F21-87C8-495D8F95A176"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B9CD6DE-EE1E-4FF4-8DF5-7F9DA36AFCFD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0EF1B4E-3E42-4C42-9981-2BC17F22BA2D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30E26E7E-F6D8-4A89-85F7-42FCB0E37AD6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2A7E707-6CBB-42E3-BE90-72E835156DB9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BB537CA-0E37-471E-8DD3-7710A443224A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9022BCA-EDBF-4FD1-B427-573CA07E5134"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23BA0BE4-B06D-45AE-9C9D-280F1BFA7EDA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B79ABCC-C95B-45AB-BE9D-454BD8174651"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4FD7D25-704B-47EB-AF36-DC684AD07807"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D33E431-39F5-4F73-99A1-19A05A594C90"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A6F69A3-E15F-43C9-8B9C-A30E057C4FD0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "602535DE-ED32-4805-85EF-940955459B34"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17727E39-1612-4433-AC23-CBC852B392C2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5894CEC-AB1C-44F2-A977-FE74897A24A6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "579DC0CE-1CEA-449F-BF76-AD7087573ACD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB3E28C0-675B-4C30-B248-BE1EB5E961C4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C7E7A89-A9CA-45DA-8378-A50B1F9D260E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References