CVE-2024-20340 (CNNVD-202410-2649)
MEDIUM
中文标题:
Cisco Secure Firewall Management Center 安全漏洞
英文标题:
Cisco Secure Firewall Management Center SQL Injection Vulnerability
CVSS分数:
6.5
发布时间:
2024-10-23 17:09:10
漏洞类型:
其他
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v3
漏洞描述
中文描述:
Cisco Secure Firewall Management Center是美国思科(Cisco)公司的一个强大的网络安全管理工具。 Cisco Secure Firewall Management Center存在安全漏洞,该漏洞源于对用户提供的输入的验证不足。攻击者利用该漏洞可以读取受影响设备上的数据库内容,并获得对底层操作系统的有限读取访问权限。
英文描述:
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system.
CWE类型:
CWE-89
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center | 7.0.0 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.0.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.0.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.1.0 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.1.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.1.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.1.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.1.0.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.1.0.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.2 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.2:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.0 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.2.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.2.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.3 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.3:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.1.0.2 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.1.0.2:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.0.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.0.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.4 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.4:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.5 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.5:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.3.0 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.3.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.2 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.2:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.3.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.3.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.3 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.3:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.1.0.3 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.1.0.3:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.3.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.3.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.4 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.4:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.6 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.6:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.4.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.4.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.5 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.5:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.3.1.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.3.1.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.4.0 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.4.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.6.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.6.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.5.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.5.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.4.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.4.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.6 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.6:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.4.1.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.4.1.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.6.2 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.6.2:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.7 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.7:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.5.2 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.5.2:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.3.1.2 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.3.1.2:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.8 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.8:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.4.2 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.4.2:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.2.8.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.2.8.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.0.0 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.0:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.0.0.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.0.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.0.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.0.1.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.1.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.0.2 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.2:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.0.2.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.2.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.0.3 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.3:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.0.4 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.4:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.0.5 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.5:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.0.6 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.0.6.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.0.6.2 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.2:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.1.0 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.1.0.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.1.0.2 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.2:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.1.0.3 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.3:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.0 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.0:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.0.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.0.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.2 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.2:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.3 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.3:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.3.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.3.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.4 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.4.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.5 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.5.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.5.2 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5.2:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.6 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.6:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.7 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.7:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.8 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.8:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.2.8.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.8.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.3.0 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.0:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.3.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.3.1.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.3.1.2 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.2:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.4.0 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.0:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.4.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.4.1.1 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.1.1:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | 7.4.2 | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
cisco-sa-fmc-sql-inject-2EnmTC8v
OTHER
cve.org
访问
cve.org
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO
OTHER
cve.org
访问
cve.org
Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication
OTHER
cve.org
访问
cve.org
CVSS评分详情
3.1 (cna)
MEDIUM
6.5
CVSS向量:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
机密性
HIGH
完整性
NONE
可用性
NONE
时间信息
发布时间:
2024-10-23 17:09:10
修改时间:
2024-10-24 17:48:12
创建时间:
2025-11-11 15:39:03
更新时间:
2025-11-11 15:59:11
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2024-20340 |
2025-11-11 15:22:24 | 2025-11-11 07:39:03 |
| NVD | nvd_CVE-2024-20340 |
2025-11-11 15:00:08 | 2025-11-11 07:47:05 |
| CNNVD | cnnvd_CNNVD-202410-2649 |
2025-11-11 15:11:50 | 2025-11-11 07:59:11 |
版本与语言
当前版本:
v3
主要语言:
EN
支持语言:
EN
ZH
安全公告
暂无安全公告信息
变更历史
v3
CNNVD
2025-11-11 15:59:11
vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-202410-2649; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202410-2649
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:47:05
affected_products_count: 39 → 78; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- affected_products_count: 39 -> 78
- data_sources: ['cve'] -> ['cve', 'nvd']