Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2024-20361
HistoryMay 22, 2024 - 5:16 p.m.

CVE-2024-20361

2024-05-2217:16:13
CWE-264
cisco
web.nvd.nist.gov
38
cisco fmc software
object groups
access control lists
remote attacker
bypass
managed devices
ftd software
vulnerability
high-availability
exploit

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

7

Confidence

Low

EPSS

0

Percentile

9.0%

JSON

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is rebooted following Object Groups for ACLs deployment, an attacker can exploit this vulnerability by sending traffic through the affected device. A successful exploit could allow the attacker to bypass configured access controls and successfully send traffic to devices that are expected to be protected by the affected device.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Firepower Management Center",
    "versions": [
      {
        "version": "7.1.0",
        "status": "affected"
      },
      {
        "version": "7.1.0.1",
        "status": "affected"
      },
      {
        "version": "7.1.0.2",
        "status": "affected"
      },
      {
        "version": "7.1.0.3",
        "status": "affected"
      },
      {
        "version": "7.2.0",
        "status": "affected"
      },
      {
        "version": "7.2.1",
        "status": "affected"
      },
      {
        "version": "7.2.2",
        "status": "affected"
      },
      {
        "version": "7.2.0.1",
        "status": "affected"
      },
      {
        "version": "7.2.3",
        "status": "affected"
      },
      {
        "version": "7.2.3.1",
        "status": "affected"
      },
      {
        "version": "7.3.0",
        "status": "affected"
      },
      {
        "version": "7.3.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco Firepower Threat Defense Software",
    "versions": [
      {
        "version": "N/A",
        "status": "affected"
      }
    ]
  }
]

Related

nessus 1
nvd 1
vulnrichment 1
cisco 1
cvelist 1
nessus
nessus
Cisco Firepower Management Center Software Object Group Access Control List Bypass (cisco-sa-fmc-object-bypass-fTH8tDjq)
2024-06-14 00:00:00
nvd
nvd
CVE-2024-20361
2024-05-22 17:16:13
vulnrichment
vulnrichment
CVE-2024-20361
2024-05-22 16:54:00
cisco
cisco
Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability
2024-05-22 16:00:00
cvelist
cvelist
CVE-2024-20361
2024-05-22 16:54:00

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

7

Confidence

Low

EPSS

0

Percentile

9.0%

JSON
Related for CVE-2024-20361
nessus1nvd1vulnrichment1cisco1cvelist1