CVE-2024-20361

Severity Score

5.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is rebooted following Object Groups for ACLs deployment, an attacker can exploit this vulnerability by sending traffic through the affected device. A successful exploit could allow the attacker to bypass configured access controls and successfully send traffic to devices that are expected to be protected by the affected device.

Una vulnerabilidad en la función Grupos de objetos para listas de control de acceso (ACL) del software Cisco Firepower Management Center (FMC) podría permitir que un atacante remoto no autenticado evite los controles de acceso configurados en dispositivos administrados que ejecutan el software Cisco Firepower Threat Defense (FTD). Esta vulnerabilidad se debe a la implementación incorrecta de la función Grupos de objetos para ACL del software Cisco FMC en dispositivos FTD administrados en configuraciones de alta disponibilidad. Después de reiniciar un dispositivo afectado después de la implementación de grupos de objetos para ACL, un atacante puede aprovechar esta vulnerabilidad enviando tráfico a través del dispositivo afectado. Un exploit exitoso podría permitir al atacante eludir los controles de acceso configurados y enviar tráfico con éxito a los dispositivos que se espera que estén protegidos por el dispositivo afectado.

*Credits: N/A

CVSS Scores

Ciscov3.1 5.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-11-08 CVE Reserved
2024-05-22 CVE Published
2024-05-23 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (1)

URL	Tag	Source
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-object-bypass-fTH8tDjq

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Cisco Firepower Management Center Search vendor "Cisco" for product "Cisco Firepower Management Center"				7.1.0 Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.1.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Management Center Search vendor "Cisco" for product "Cisco Firepower Management Center"				7.1.0.1 Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.1.0.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Management Center Search vendor "Cisco" for product "Cisco Firepower Management Center"				7.1.0.2 Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.1.0.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Management Center Search vendor "Cisco" for product "Cisco Firepower Management Center"				7.1.0.3 Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.1.0.3"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Management Center Search vendor "Cisco" for product "Cisco Firepower Management Center"				7.2.0 Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.2.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Management Center Search vendor "Cisco" for product "Cisco Firepower Management Center"				7.2.1 Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.2.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Management Center Search vendor "Cisco" for product "Cisco Firepower Management Center"				7.2.2 Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.2.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Management Center Search vendor "Cisco" for product "Cisco Firepower Management Center"				7.2.0.1 Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.2.0.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Management Center Search vendor "Cisco" for product "Cisco Firepower Management Center"				7.2.3 Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.2.3"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Management Center Search vendor "Cisco" for product "Cisco Firepower Management Center"				7.2.3.1 Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.2.3.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Management Center Search vendor "Cisco" for product "Cisco Firepower Management Center"				7.3.0 Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.3.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Management Center Search vendor "Cisco" for product "Cisco Firepower Management Center"				7.3.1 Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.3.1"		en		Affected