{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-052.pdf"
    },
    "title": "Vulnerability in Cisco FMC Software",
    "serial_number": "2024-052",
    "publish_date": "28-05-2024 08:53:37",
    "description": "On May 22, Cisco released an advisory regarding an SQL injection vulnerability affecting its Firepower Management Center (FMC) Software. If exploited, this vulnerability could allow an attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root.<br>\nIt is recommended to upgrade affected products.<br>\n",
    "url_title": "2024-052",
    "content_markdown": "---\ntitle: 'Vulnerability in\u00a0Cisco\u00a0FMC\u00a0Software'\nnumber: '2024-052'\nversion: '1.0'\noriginal_date: 'May 28, 2024'\ndate: 'May 28, 2024'\n---\n\n_History:_\n\n* _28/05/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn May 22, Cisco released an advisory regarding an SQL injection vulnerability affecting its Firepower Management Center (FMC) Software [1]. If exploited, this vulnerability could allow an attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root.\n\nIt is recommended to upgrade affected products.\n\n# Technical Details\n\nThe vulnerability **CVE-2024-20360** [1], with a CVSS score of 8.8, lies in the web-based management interface of Cisco Firepower Management Center (FMC) Software. It exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root.\n\nTo exploit this vulnerability, an attacker would need to be able to access the web-based management interface of the affected device, and to have at least Read Only user credentials.\n\n# Affected Products\n\nThe following versions of Firepower Management Center (FMC) Software are affected:\n\n- 7.3.X\n- 7.2.X before 7.2.5.1\n- 7.1.X\n- 7.0.X before 7.0.6.1\n\nCisco provides a [tool](https://sec.cloudapps.cisco.com/security/center/softwarechecker.x) to check if your version is vulnerable [2].\n\n# Recommendations\n\nCERT-EU recommends updating to a fixed version of Cisco FMC software.\n\n# References\n\n[1] <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sqli-WFFDnNOs>\n\n[2] <https://sec.cloudapps.cisco.com/security/center/softwarechecker.x>",
    "content_html": "<p><em>History:</em></p><ul><li><em>28/05/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On May 22, Cisco released an advisory regarding an SQL injection vulnerability affecting its Firepower Management Center (FMC) Software [1]. If exploited, this vulnerability could allow an attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root.</p><p>It is recommended to upgrade affected products.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2024-20360</strong> [1], with a CVSS score of 8.8, lies in the web-based management interface of Cisco Firepower Management Center (FMC) Software. It exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root.</p><p>To exploit this vulnerability, an attacker would need to be able to access the web-based management interface of the affected device, and to have at least Read Only user credentials.</p><h2 id=\"affected-products\">Affected Products</h2><p>The following versions of Firepower Management Center (FMC) Software are affected:</p><ul><li>7.3.X</li><li>7.2.X before 7.2.5.1</li><li>7.1.X</li><li>7.0.X before 7.0.6.1</li></ul><p>Cisco provides a <a rel=\"noopener\" target=\"_blank\" href=\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\">tool</a> to check if your version is vulnerable [2].</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends updating to a fixed version of Cisco FMC software.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sqli-WFFDnNOs\">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sqli-WFFDnNOs</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\">https://sec.cloudapps.cisco.com/security/center/softwarechecker.x</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}