CVE-2024-20473

🗓️ 23 Oct 2024 17:51:01Reported by ciscoType

A vulnerability in Cisco Secure Firewall Management Center (FMC) Software allows SQL injection attacks

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability in the web interface of the Cisco Secure Firewall Management Center (formerly known as Cisco Firepower Management Center) relates to the lack of protective measures for the SQL query structure, allowing an attacker to execute arbitrary code.	31 Oct 202400:00	–	bdu_fstec
Circl	CVE-2024-20473	23 Oct 202420:45	–	circl
CNNVD	Cisco Secure Firewall Management Center 安全漏洞	23 Oct 202400:00	–	cnnvd
Cvelist	CVE-2024-20473	23 Oct 202417:51	–	cvelist
EUVD	EUVD-2024-18188	3 Oct 202520:07	–	euvd
NVD	CVE-2024-20473	23 Oct 202418:15	–	nvd
Positive Technologies	PT-2024-7467 · Cisco · Cisco Secure Firewall Management Center (Fmc)	23 Oct 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-20473	23 May 202507:48	–	redhatcve
Vulnrichment	CVE-2024-20473	23 Oct 202417:51	–	vulnrichment

NVD

Node

cisco secure_firewall_management_centerMatch7.3.0

cisco secure_firewall_management_centerMatch7.3.1

cisco secure_firewall_management_centerMatch7.3.1.1

cisco secure_firewall_management_centerMatch7.3.1.2

cisco secure_firewall_management_centerMatch7.4.0

cisco secure_firewall_management_centerMatch7.4.1

cisco secure_firewall_management_centerMatch7.4.1.1

[
  {
    "vendor": "Cisco",
    "product": "Cisco Firepower Management Center",
    "versions": [
      {
        "version": "7.3.0",
        "status": "affected"
      },
      {
        "version": "7.3.1",
        "status": "affected"
      },
      {
        "version": "7.3.1.1",
        "status": "affected"
      },
      {
        "version": "7.3.1.2",
        "status": "affected"
      },
      {
        "version": "7.4.0",
        "status": "affected"
      },
      {
        "version": "7.4.1",
        "status": "affected"
      },
      {
        "version": "7.4.1.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inj-LOYAFcfq

01 Nov 2024 18:09Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.5

EPSS0.00333

SSVC

CWE-89