CVE-2024-20387

Published Oct 23, 2024

Last updated 12 days ago

CVSS medium 5.4

Overview

Description: A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
ykramarz@cisco.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47FDAAB6-EC1B-4759-8B8A-55748C39AFFC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3C97C0B-509E-4AE2-9EDB-BDC0436E05A1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F3B8077-2DD6-491F-9F0E-D977E7A4AB08"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEAD4CD3-FBF1-43BC-A14F-6375E4B784AE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5662EBCF-13F5-4CE6-8E3D-B23B73AF4633"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "817E7CDB-5CDC-44A9-92D0-4364A08302BD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A95D8B6-2D90-4EA8-B468-356EB396A273"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CDEF2CC-D485-4E66-9818-7C9740F37840"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30AE7CB7-86F5-4B80-9179-1C2DF4E8E7B5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1931C431-3452-4FE1-870A-16700553BDAE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "490C91AC-9437-43DA-99AF-0DF8A0E5EEB5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22913221-9B69-451A-8442-C65091DFAFD2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1488A64D-E0ED-4E88-92E9-D8E38A2CB080"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FF58049-7F1B-425B-A2A7-5974080625F3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DA72515-66E1-4811-ADDA-B2F9B6A4B737"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "606C631F-5A30-4A07-A761-29B31D09C66A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DA2A011-FAE4-4741-AA37-1F4F17471381"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B57A678-E534-472C-8B45-F6A1E027248C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D748B16-1C2A-4E00-807F-647569C271D1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD9A750B-7C84-484C-94F3-FB66EF6296E6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62950A6C-8467-4215-BCD1-010B8C491714"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D97494F-BA89-4E95-A01F-C2CE02505A27"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0EF1B4E-3E42-4C42-9981-2BC17F22BA2D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30E26E7E-F6D8-4A89-85F7-42FCB0E37AD6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2A7E707-6CBB-42E3-BE90-72E835156DB9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BB537CA-0E37-471E-8DD3-7710A443224A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9022BCA-EDBF-4FD1-B427-573CA07E5134"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23BA0BE4-B06D-45AE-9C9D-280F1BFA7EDA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B79ABCC-C95B-45AB-BE9D-454BD8174651"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4FD7D25-704B-47EB-AF36-DC684AD07807"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D33E431-39F5-4F73-99A1-19A05A594C90"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A6F69A3-E15F-43C9-8B9C-A30E057C4FD0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "602535DE-ED32-4805-85EF-940955459B34"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17727E39-1612-4433-AC23-CBC852B392C2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.3.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5894CEC-AB1C-44F2-A977-FE74897A24A6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "579DC0CE-1CEA-449F-BF76-AD7087573ACD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB3E28C0-675B-4C30-B248-BE1EB5E961C4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C7E7A89-A9CA-45DA-8378-A50B1F9D260E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References