Sunday, May 4, 2025
Homecyber securityCisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

Published on

SIEM as a Service

Follow Us on Google News

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software’s web-based management interface.

This vulnerability could potentially allow authenticated, remote attackers to conduct SQL injection attacks on affected systems.

This vulnerability, tracked as CVE-2024-20360, poses significant risks, including unauthorized data access, command execution on the underlying operating system, and privilege escalation to root.

- Advertisement - Google News

Vulnerability Details – CVE-2024-20360

The vulnerability exists due to inadequate user input validation within the web-based management interface of Cisco FMC Software.

ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service

An attacker with at least Read Only user credentials can exploit this flaw by sending crafted SQL queries to the affected system.

Successful exploitation could lead to severe consequences, such as:

  • Obtaining any data from the database
  • Executing arbitrary commands on the underlying operating system
  • Elevating privileges to root

This vulnerability affects devices running a vulnerable release of Cisco FMC Software, regardless of the device configuration.

Cisco has confirmed that Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are unaffected by this vulnerability.

Mitigation and Fixed Software

Cisco has released software updates to address this critical vulnerability.

No workarounds are available, so users need to apply the updates promptly.

Customers with service contracts can obtain the necessary security fixes through their usual update channels.

Those without service contracts can contact the Cisco Technical Assistance Center (TAC).

Users are advised to consult the official Cisco Security Advisory for detailed information on the affected software releases and the fixed versions.

Cisco strongly recommends that all users of affected Cisco FMC Software versions upgrade to the fixed software releases to mitigate the risks associated with this vulnerability.

Users should ensure their devices have sufficient memory and that current hardware and software configurations are compatible with the new release.

For further assistance and to determine their exposure to vulnerabilities, users can utilize the Cisco Software Checker tool, which is available on the Cisco website.

The discovery of CVE-2024-20360 underscores the importance of regular software updates and vigilant security practices.

Organizations using Cisco FMC Software should act swiftly to apply the necessary updates and protect their systems from potential exploitation.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Claude AI Abused in Influence-as-a-Service Operations and Campaigns

Claude AI, developed by Anthropic, has been exploited by malicious actors in a range...

Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting...

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the...

MintsLoader Malware Uses Sandbox and Virtual Machine Evasion Techniques

MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Claude AI Abused in Influence-as-a-Service Operations and Campaigns

Claude AI, developed by Anthropic, has been exploited by malicious actors in a range...

Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting...

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the...