CVE-2024-20482
First published: Wed Oct 23 2024(Updated: )
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must have a valid account on the device that is configured with a custom read-only role. This vulnerability is due to insufficient validation of role permissions in part of the web-based management interface. An attacker could exploit this vulnerability by performing a write operation on the affected part of the web-based management interface. A successful exploit could allow the attacker to modify certain parts of the configuration.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Firewall Management Center | =7.2.0 | |
| Cisco Secure Firewall Management Center | =7.2.0.1 | |
| Cisco Secure Firewall Management Center | =7.2.1 | |
| Cisco Secure Firewall Management Center | =7.2.2 | |
| Cisco Secure Firewall Management Center | =7.2.3 | |
| Cisco Secure Firewall Management Center | =7.2.3.1 | |
| Cisco Secure Firewall Management Center | =7.2.4 | |
| Cisco Secure Firewall Management Center | =7.2.4.1 | |
| Cisco Secure Firewall Management Center | =7.2.5 | |
| Cisco Secure Firewall Management Center | =7.2.5.1 | |
| Cisco Secure Firewall Management Center | =7.2.5.2 | |
| Cisco Secure Firewall Management Center | =7.2.6 | |
| Cisco Secure Firewall Management Center | =7.2.7 | |
| Cisco Secure Firewall Management Center | =7.2.8 | |
| Cisco Secure Firewall Management Center | =7.2.8.1 | |
| Cisco Secure Firewall Management Center | =7.3.0 | |
| Cisco Secure Firewall Management Center | =7.3.1 | |
| Cisco Secure Firewall Management Center | =7.3.1.1 | |
| Cisco Secure Firewall Management Center | =7.3.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-20482?
CVE-2024-20482 has been classified as a high severity vulnerability.
How do I fix CVE-2024-20482?
To fix CVE-2024-20482, update your Cisco Secure Firewall Management Center to the latest version that addresses this vulnerability.
What versions of Cisco Secure Firewall Management Center are affected by CVE-2024-20482?
CVE-2024-20482 affects Cisco Secure Firewall Management Center versions 7.2.0 through 7.3.1.2.
Can CVE-2024-20482 be exploited remotely?
Yes, CVE-2024-20482 can be exploited by an authenticated remote attacker.
What types of attacks can CVE-2024-20482 enable?
CVE-2024-20482 can enable attackers to elevate privileges on affected devices.
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco secure firewall management center
- version/cisco secure firewall management center/7.2.0
- version/cisco secure firewall management center/7.2.0.1
- version/cisco secure firewall management center/7.2.1
- version/cisco secure firewall management center/7.2.2
- version/cisco secure firewall management center/7.2.3
- version/cisco secure firewall management center/7.2.3.1
- version/cisco secure firewall management center/7.2.4
- version/cisco secure firewall management center/7.2.4.1
- version/cisco secure firewall management center/7.2.5
- version/cisco secure firewall management center/7.2.5.1
- version/cisco secure firewall management center/7.2.5.2
- version/cisco secure firewall management center/7.2.6
- version/cisco secure firewall management center/7.2.7
- version/cisco secure firewall management center/7.2.8
- version/cisco secure firewall management center/7.2.8.1
- version/cisco secure firewall management center/7.3.0
- version/cisco secure firewall management center/7.3.1
- version/cisco secure firewall management center/7.3.1.1
- version/cisco secure firewall management center/7.3.1.2