What is the severity of CVE-2024-20377?

CVE-2024-20377 is considered a high severity vulnerability due to its potential to allow authenticated remote attackers to conduct stored cross-site scripting attacks.

How do I fix CVE-2024-20377?

To fix CVE-2024-20377, users should upgrade their Cisco Firepower Management Center to the latest version that addresses this vulnerability.

Who is affected by CVE-2024-20377?

CVE-2024-20377 affects users of Cisco Firepower Management Center versions from 7.0.0 to 7.4.1.1.

What impact does CVE-2024-20377 have on users?

The impact of CVE-2024-20377 can allow attackers to execute arbitrary scripts in the context of a user session, leading to data theft or manipulation.

Is CVE-2024-20377 related to web interfaces?

Yes, CVE-2024-20377 specifically pertains to vulnerabilities in the web-based management interface of Cisco Firepower Management Center.

Vulnerability/
CVE-2024-20377

medium

5.4

CWE

23/10/2024

1/11/2024

CVE-2024-20377: XSS

First published: Wed Oct 23 2024(Updated: )

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to the web-based management interface not properly validating user-supplied input. An attacker could exploit this vulnerability by by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Firepower Management Center Software	=7.0.0
Cisco Firepower Management Center Software	=7.0.0.1
Cisco Firepower Management Center Software	=7.0.1
Cisco Firepower Management Center Software	=7.0.1.1
Cisco Firepower Management Center Software	=7.0.2
Cisco Firepower Management Center Software	=7.0.2.1
Cisco Firepower Management Center Software	=7.0.3
Cisco Firepower Management Center Software	=7.0.4
Cisco Firepower Management Center Software	=7.0.5
Cisco Firepower Management Center Software	=7.0.6
Cisco Firepower Management Center Software	=7.0.6.1
Cisco Firepower Management Center Software	=7.0.6.2
Cisco Firepower Management Center Software	=7.0.6.3
Cisco Firepower Management Center Software	=7.1.0
Cisco Firepower Management Center Software	=7.1.0.1
Cisco Firepower Management Center Software	=7.1.0.2
Cisco Firepower Management Center Software	=7.1.0.3
Cisco Firepower Management Center Software	=7.2.0
Cisco Firepower Management Center Software	=7.2.0.1
Cisco Firepower Management Center Software	=7.2.1
Cisco Firepower Management Center Software	=7.2.2
Cisco Firepower Management Center Software	=7.2.3
Cisco Firepower Management Center Software	=7.2.3.1
Cisco Firepower Management Center Software	=7.2.4
Cisco Firepower Management Center Software	=7.2.4.1
Cisco Firepower Management Center Software	=7.2.5
Cisco Firepower Management Center Software	=7.2.5.1
Cisco Firepower Management Center Software	=7.2.5.2
Cisco Firepower Management Center Software	=7.2.6
Cisco Firepower Management Center Software	=7.2.7
Cisco Firepower Management Center Software	=7.2.8
Cisco Firepower Management Center Software	=7.2.8.1
Cisco Firepower Management Center Software	=7.3.0
Cisco Firepower Management Center Software	=7.3.1
Cisco Firepower Management Center Software	=7.3.1.1
Cisco Firepower Management Center Software	=7.3.1.2
Cisco Firepower Management Center Software	=7.4.0
Cisco Firepower Management Center Software	=7.4.1
Cisco Firepower Management Center Software	=7.4.1.1

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer

Frequently Asked Questions

What is the severity of CVE-2024-20377?
CVE-2024-20377 is considered a high severity vulnerability due to its potential to allow authenticated remote attackers to conduct stored cross-site scripting attacks.
How do I fix CVE-2024-20377?
To fix CVE-2024-20377, users should upgrade their Cisco Firepower Management Center to the latest version that addresses this vulnerability.
Who is affected by CVE-2024-20377?
CVE-2024-20377 affects users of Cisco Firepower Management Center versions from 7.0.0 to 7.4.1.1.
What impact does CVE-2024-20377 have on users?
The impact of CVE-2024-20377 can allow attackers to execute arbitrary scripts in the context of a user session, leading to data theft or manipulation.
Is CVE-2024-20377 related to web interfaces?
Yes, CVE-2024-20377 specifically pertains to vulnerabilities in the web-based management interface of Cisco Firepower Management Center.

agent/weakness
agent/references
agent/description
agent/type
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco firepower management center software
version/cisco firepower management center software/7.0.0
version/cisco firepower management center software/7.0.0.1
version/cisco firepower management center software/7.0.1
version/cisco firepower management center software/7.0.1.1
version/cisco firepower management center software/7.0.2
version/cisco firepower management center software/7.0.2.1
version/cisco firepower management center software/7.0.3
version/cisco firepower management center software/7.0.4
version/cisco firepower management center software/7.0.5
version/cisco firepower management center software/7.0.6
version/cisco firepower management center software/7.0.6.1
version/cisco firepower management center software/7.0.6.2
version/cisco firepower management center software/7.0.6.3
version/cisco firepower management center software/7.1.0
version/cisco firepower management center software/7.1.0.1
version/cisco firepower management center software/7.1.0.2
version/cisco firepower management center software/7.1.0.3
version/cisco firepower management center software/7.2.0
version/cisco firepower management center software/7.2.0.1
version/cisco firepower management center software/7.2.1
version/cisco firepower management center software/7.2.2
version/cisco firepower management center software/7.2.3
version/cisco firepower management center software/7.2.3.1
version/cisco firepower management center software/7.2.4
version/cisco firepower management center software/7.2.4.1
version/cisco firepower management center software/7.2.5
version/cisco firepower management center software/7.2.5.1
version/cisco firepower management center software/7.2.5.2
version/cisco firepower management center software/7.2.6
version/cisco firepower management center software/7.2.7
version/cisco firepower management center software/7.2.8
version/cisco firepower management center software/7.2.8.1
version/cisco firepower management center software/7.3.0
version/cisco firepower management center software/7.3.1
version/cisco firepower management center software/7.3.1.1
version/cisco firepower management center software/7.3.1.2
version/cisco firepower management center software/7.4.0
version/cisco firepower management center software/7.4.1
version/cisco firepower management center software/7.4.1.1