Cisco FMC Vulnerability - 20240524003
Overview
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system.
What is vulnerable?
| CVE | Severity | CVSS | Product Affected |
|---|---|---|---|
| CVE-2024-20360 | High | 8.8 | Cisco Firepower Management Center |
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer to Patch Management):