May 6, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Quasar RAT aka CinaRAT – Active IOCs
October 30, 2024Lumma Stealer Malware aka LummaC – Active IOCs
October 30, 2024Quasar RAT aka CinaRAT – Active IOCs
October 30, 2024Lumma Stealer Malware aka LummaC – Active IOCs
October 30, 2024
Severity
Medium
Analysis Summary
CVE-2024-20410 CVSS:5.4
Cisco Secure Firewall Management Center Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2024-20409 CVSS:4.8
Cisco Secure Firewall Management Center Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2024-20403 CVSS:4.8
Cisco Secure Firewall Management Center Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2024-20388 CVSS:5.3
Cisco Secure Firewall Management Center Software could allow a remote attacker to obtain sensitive information, caused by a logic error with password updates in API Response. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
Impact
- Cross-Site Scripting
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-20410
- CVE-2024-20409
- CVE-2024-20403
- CVE-2024-20388
Affected Vendors
Cisco
Affected Products
- Cisco Firepower Management Center - 6.2.3 - 6.2.3.1 - 6.2.3.2 - 6.2.3.3 - 6.2.3.4 - 6.2.3.5 - 6.2.3.6 - 6.2.3.7 - 6.2.3.9 - 6.2.3.10 - 6.2.3.11 - 6.2.3.12 - 6.2.3.13 - 6.2.3.14
- Cisco Secure Firewall Management Center Software
- Cisco Firepower Management Center - 7.0.2.1 - 7.0.3 - 7.0.4 - 7.0.5 - 7.0.6 - 7.0.6.1 - 7.0.6.2 - 7.1.0 - 7.1.0.1 - 7.1.0.2 - 7.1.0.3 - 7.2.0 - 7.2.1 - 7.2.2 - 7.2.0.1 - 7.2.3 - 7.2.3.1 - 7.2.4 - 7.2.4.1 - 7.2.5 - 7.2.5.1 - 7.2.6
- Cisco Firepower Management Center - 7.2.7 - 7.2.5.2 - 7.2.8 - 7.2.8.1 - 7.3.0 - 7.3.1 - 7.3.1.1 - 7.3.1.2 - 7.4.0 - 7.4.1 - 7.4.1.1
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.
