First published: Tue May 03 2022(Updated: )
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco FMC Software. An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with root privileges.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Firepower Management Center | <6.4.0.15 | |
Cisco Firepower Management Center | >=6.5.0<6.6.5.2 | |
Cisco Firepower Management Center | >=6.7.0<7.0.2 | |
Cisco Firepower Management Center | >=7.1.0<7.1.0.1 | |
Cisco Secure Firewall Management Center | <6.4.0.15 | |
Cisco Secure Firewall Management Center | >=6.5.0<6.6.5.2 | |
Cisco Secure Firewall Management Center | >=6.7.0<7.0.2 | |
Cisco Secure Firewall Management Center | >=7.1.0<7.1.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-20743 is a vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software that allows an authenticated, remote attacker to bypass security protections and upload malicious files.
CVE-2022-20743 has a severity rating of 8.8 (critical).
Versions 6.4.0.15 to 6.6.5.2, 6.7.0 to 7.0.2, and 7.1.0 to 7.1.0.1 of Cisco Firepower Management Center (FMC) Software are affected by CVE-2022-20743.
An attacker can exploit CVE-2022-20743 by uploading malicious files to the affected system through the web management interface.
More information about CVE-2022-20743 can be found at the following reference link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-security-bypass-JhOd29Gg)