Thursday, February 6, 2025
Homecyber securityCisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

Published on

SIEM as a Service

Follow Us on Google News

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software’s web-based management interface.

This vulnerability could potentially allow authenticated, remote attackers to conduct SQL injection attacks on affected systems.

This vulnerability, tracked as CVE-2024-20360, poses significant risks, including unauthorized data access, command execution on the underlying operating system, and privilege escalation to root.

Vulnerability Details – CVE-2024-20360

The vulnerability exists due to inadequate user input validation within the web-based management interface of Cisco FMC Software.

ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service

An attacker with at least Read Only user credentials can exploit this flaw by sending crafted SQL queries to the affected system.

Successful exploitation could lead to severe consequences, such as:

  • Obtaining any data from the database
  • Executing arbitrary commands on the underlying operating system
  • Elevating privileges to root

This vulnerability affects devices running a vulnerable release of Cisco FMC Software, regardless of the device configuration.

Cisco has confirmed that Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are unaffected by this vulnerability.

Mitigation and Fixed Software

Cisco has released software updates to address this critical vulnerability.

No workarounds are available, so users need to apply the updates promptly.

Customers with service contracts can obtain the necessary security fixes through their usual update channels.

Those without service contracts can contact the Cisco Technical Assistance Center (TAC).

Users are advised to consult the official Cisco Security Advisory for detailed information on the affected software releases and the fixed versions.

Cisco strongly recommends that all users of affected Cisco FMC Software versions upgrade to the fixed software releases to mitigate the risks associated with this vulnerability.

Users should ensure their devices have sufficient memory and that current hardware and software configurations are compatible with the new release.

For further assistance and to determine their exposure to vulnerabilities, users can utilize the Cisco Software Checker tool, which is available on the Cisco website.

The discovery of CVE-2024-20360 underscores the importance of regular software updates and vigilant security practices.

Organizations using Cisco FMC Software should act swiftly to apply the necessary updates and protect their systems from potential exploitation.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Abyss Locker Ransomware Attacking Critical Network Devices including ESXi servers

The Abyss Locker ransomware, a relatively new but highly disruptive cyber threat, has been...

Weaponized SVG Files With Google Drive Links Attacking Gmail, Outlook & Dropbox Users

A new wave of phishing attacks is leveraging Scalable Vector Graphics (SVG) files to...

Flesh Stealer Malware Attacking Chrome, Firefox, and Edge Users to Steal Passwords

A newly identified malware, Flesh Stealer, is rapidly emerging as a significant cybersecurity threat...

Beware of Nova Stealer Malware Sold for $50 on Hacking Forums

The cybersecurity landscape faces a new challenge with the emergence of Nova Stealer, a...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Abyss Locker Ransomware Attacking Critical Network Devices including ESXi servers

The Abyss Locker ransomware, a relatively new but highly disruptive cyber threat, has been...

Weaponized SVG Files With Google Drive Links Attacking Gmail, Outlook & Dropbox Users

A new wave of phishing attacks is leveraging Scalable Vector Graphics (SVG) files to...

Flesh Stealer Malware Attacking Chrome, Firefox, and Edge Users to Steal Passwords

A newly identified malware, Flesh Stealer, is rapidly emerging as a significant cybersecurity threat...