CVE-2024-20472: SQL Injection
First published: Wed Oct 23 2024(Updated: )
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Firewall Management Center | =7.3.0 | |
| Cisco Secure Firewall Management Center | =7.3.1 | |
| Cisco Secure Firewall Management Center | =7.3.1.1 | |
| Cisco Secure Firewall Management Center | =7.3.1.2 | |
| Cisco Secure Firewall Management Center | =7.4.0 | |
| Cisco Secure Firewall Management Center | =7.4.1 | |
| Cisco Secure Firewall Management Center | =7.4.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-20472?
CVE-2024-20472 has a high severity rating due to its potential for SQL injection attacks.
How do I fix CVE-2024-20472?
To fix CVE-2024-20472, upgrade to the latest version of Cisco Secure Firewall Management Center as specified in the security advisory.
Who is affected by CVE-2024-20472?
Users of Cisco Secure Firewall Management Center versions 7.3.0, 7.3.1, 7.4.0, 7.4.1, and their respective subversions are affected by CVE-2024-20472.
Is CVE-2024-20472 remotely exploitable?
Yes, CVE-2024-20472 can be exploited by authenticated remote attackers.
What are the potential impacts of CVE-2024-20472?
Exploitation of CVE-2024-20472 could lead to unauthorized access and potential data compromise through SQL injection.
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco secure firewall management center
- version/cisco secure firewall management center/7.3.0
- version/cisco secure firewall management center/7.3.1
- version/cisco secure firewall management center/7.3.1.1
- version/cisco secure firewall management center/7.3.1.2
- version/cisco secure firewall management center/7.4.0
- version/cisco secure firewall management center/7.4.1
- version/cisco secure firewall management center/7.4.1.1