CVE-2024-20387

Published Oct 23, 2024

Last updated 3 months ago

CVSS medium 5.4

Overview

Description: A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

ykramarz@cisco.com: CWE-79
nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A95D8B6-2D90-4EA8-B468-356EB396A273"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CDEF2CC-D485-4E66-9818-7C9740F37840"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D748B16-1C2A-4E00-807F-647569C271D1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62950A6C-8467-4215-BCD1-010B8C491714"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D97494F-BA89-4E95-A01F-C2CE02505A27"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BB537CA-0E37-471E-8DD3-7710A443224A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9022BCA-EDBF-4FD1-B427-573CA07E5134"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23BA0BE4-B06D-45AE-9C9D-280F1BFA7EDA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B79ABCC-C95B-45AB-BE9D-454BD8174651"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4FD7D25-704B-47EB-AF36-DC684AD07807"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.2.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D33E431-39F5-4F73-99A1-19A05A594C90"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "579DC0CE-1CEA-449F-BF76-AD7087573ACD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB3E28C0-675B-4C30-B248-BE1EB5E961C4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C7E7A89-A9CA-45DA-8378-A50B1F9D260E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.2.3.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82917F5C-CF20-4D97-A981-FE3F8476CCFE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.2.3.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47E42025-1D1E-4390-AC21-9A1B0FBE8D82"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0780AD6-4F38-4400-AA63-E41879F74B68"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86BA5BA6-1F79-4C89-A3F4-A56E2B664AED"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52C7994F-AA17-467B-919E-A49F0CC9DB47"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F007F6B-1EAA-468C-8159-78B020DF1E58"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81F9AF68-70BD-46DE-B7F2-97C9BD5182A9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1D808CD-B030-4334-A286-9B3A1D35C61D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DFE9115-3E32-4A55-AB5A-83513322FE97"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09BD6616-B2B9-49B1-AD20-9B13D93C8F2C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35A9634E-FCF4-4C67-A463-6BA5F63DD2A5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D8CF5AA-7B41-4E98-8E7E-A399AAA510B9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.6.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8452BA9A-F56C-48E0-BDBA-9095AF78F521"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.6.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2CE3B06-353C-4623-9EF4-78814DCB0D7D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD968EA0-616D-4A22-A15D-C66918E71761"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.6.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE45FF20-1E52-46B6-9B38-07E5A6D6FD6D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E4D83B4-9697-4071-AC9F-7ADC86A6B529"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36C229AB-2851-48D4-815A-63AAB4462A24"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DA4BCFC-8237-4F5C-9863-523EE7D8619B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07693A92-7D84-45A1-ACD6-D83AE41D504B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:7.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D401072-6709-4921-8918-720F28D61E24"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0EA3467-4205-4C41-AF24-689330F7396B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BE94E38-5F29-4AE1-8129-7F7582C2CC75"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEF603AD-D69B-4DD8-A7F4-6BEFD355EF29"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References