CVE-2024-20379

Absolute Path Traversal (CWE-36)

Published: Oct 23, 2024 / Updated: 27d ago

010
CVSS 6.5EPSS 0.04%Medium
CVE info copied to clipboard

Summary

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.

Impact

An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. This could lead to unauthorized access to sensitive information, potentially compromising the confidentiality of the system. The vulnerability has a HIGH confidentiality impact, but no impact on integrity or availability.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

As of the provided information, there is no mention of an available patch. The security team should monitor Cisco's security advisories for updates on patching information for this vulnerability.

Mitigation

1. Implement strong access controls and authentication mechanisms for the web-based management interface. 2. Monitor and log access to the web-based management interface for suspicious activities. 3. Use network segmentation to limit access to the management interface from trusted networks only. 4. Keep the Cisco Secure Firewall Management Center Software up to date with the latest security patches when they become available. 5. Consider implementing additional security measures such as Web Application Firewalls (WAF) to help protect against crafted HTTP requests.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-20379. See article

Oct 23, 2024 at 6:05 PM / CVE - NEW | THREATINT
CVE Assignment

NVD published the first details for CVE-2024-20379

Oct 23, 2024 at 6:15 PM
CVSS

A CVSS base score of 6.5 has been assigned.

Oct 23, 2024 at 6:20 PM / nvd
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 23, 2024 at 6:21 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.8%)

Oct 24, 2024 at 9:50 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (317554)

Oct 25, 2024 at 7:15 AM
Static CVE Timeline Graph

Affected Systems

Cisco/firepower_management_center
+null more

Patches

sec.cloudapps.cisco.com
+null more

Attack Patterns

CAPEC-597: Absolute Path Traversal
+null more

References

Cisco Secure Firewall Management Center Software Arbitrary File Read Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response:

News

cveNotify : 🚨 CVE-2024-20379A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.πŸŽ–@cveNotify
cveNotify : 🚨 CVE-2024-20379A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.πŸŽ–@cveNotify
FOCUS FRIDAY: ADDRESSING EXCHANGE SERVER RCE, FORTIMANAGER, GRAFANA, ROUNDCUBE WEBMAIL, AND CISCO FMC VULNERABILITIES FROM A TPRM PERSPECTIVE
2. Can you confirm if you have implemented strong security practices, including limiting access to the server, enabling multi-factor authentication, and regularly auditing access logs, to prevent potential exploitation of the Remote Code Execution (RCE) vulnerabilities in Microsoft Exchange Server? This week, we dive into several crucial vulnerabilities, including those affecting Exchange Server, FortiManager, Grafana, Roundcube Webmail, and Cisco FMC each with potentially severe impacts on businesses.
Cisco Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure, cross-site scripting and security restriction bypass on the targeted system. Note: CVE-2024-20481 is being exploited in the wild. The Cisco Product Security Incident Response Team (PSIRT) is aware of malicious use of this vulnerability. Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service. RISK: Extremely High Risk Extremely High Risk TYPE: Security software and application – Security Software & Appliance Impact Denial of Service Remote Code Execution Elevation of Privilege Information Disclosure Cross-Site Scripting Security Restriction Bypass System / Technologies affected Cisco Adaptive Security Appliance (ASA) Software Cisco Adaptive Security Virtual Appliance (ASAv) Cisco Secure Firewall Threat Defense Virtual (FTDv) Cisco FirePOWER Services Cisco Firepower Threat Defense (FTD) Software Cisco Secure Firewall Management Center (FMC) Software Please refer to the link below for detail: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-vdb-snort-djj4cnbR https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-dos-eEDWu5RM https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-4gYEWMKg https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-nfJeYHxz https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-rf-bypass-OY8f3pnM https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-bypass-PTry37fX https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-geoip-bypass-MB4zRDu https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-nsgacl-bypass-77XnEAsL https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-acl-bypass-VvnLNKqf https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-priv-esc-hBS9gnwq https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-yjj7ZjVq https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inject-2EnmTC8v https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inj-LOYAFcfq https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-2HBkA97G https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-priv-esc-CMQ4S6m7 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-g8AOKnDP https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-nyH3fhp https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-lce-vU3ekMJ3 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-snmp-dos-7TcnzxTU https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dap-dos-bhEkP7n https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-QXYE5Ufy https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd2100-snort-dos-M9HuMt75 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort-fw-BCJTZPMu https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdvirtual-dos-MuenGnYR https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-tls-CWY6zXB https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-dos-hOnB9pH4 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-cZf8gT https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-9FgEyHsF https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF Solutions Before installation of the software, please visit the vendor web-site for more details.
CVE Alert: CVE-2024-20379 - https://www.redpacketsecurity.com/cve_alert_cve-2024-20379/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_20379
CVE Alert: CVE-2024-20379 - redpacketsecurity.com/cve_al… #OSINT #ThreatIntel #CyberSecurity #cve_2024_20379
CVE Alert: CVE-2024-20379 - https://www. redpacketsecurity.com/cve_aler t_cve-2024-20379/ # OSINT # ThreatIntel # CyberSecurity # cve_2024_20379
See 9 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI