// For flags

CVE-2024-20361

 

Severity Score

5.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is rebooted following Object Groups for ACLs deployment, an attacker can exploit this vulnerability by sending traffic through the affected device. A successful exploit could allow the attacker to bypass configured access controls and successfully send traffic to devices that are expected to be protected by the affected device.

Una vulnerabilidad en la función Grupos de objetos para listas de control de acceso (ACL) del software Cisco Firepower Management Center (FMC) podría permitir que un atacante remoto no autenticado evite los controles de acceso configurados en dispositivos administrados que ejecutan el software Cisco Firepower Threat Defense (FTD). Esta vulnerabilidad se debe a la implementación incorrecta de la función Grupos de objetos para ACL del software Cisco FMC en dispositivos FTD administrados en configuraciones de alta disponibilidad. Después de reiniciar un dispositivo afectado después de la implementación de grupos de objetos para ACL, un atacante puede aprovechar esta vulnerabilidad enviando tráfico a través del dispositivo afectado. Un exploit exitoso podría permitir al atacante eludir los controles de acceso configurados y enviar tráfico con éxito a los dispositivos que se espera que estén protegidos por el dispositivo afectado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-11-08 CVE Reserved
  • 2024-05-22 CVE Published
  • 2024-05-23 EPSS Updated
  • 2024-08-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Cisco Firepower Management Center
Search vendor "Cisco" for product "Cisco Firepower Management Center"
7.1.0
Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.1.0"
en
Affected
Cisco
Search vendor "Cisco"
Cisco Firepower Management Center
Search vendor "Cisco" for product "Cisco Firepower Management Center"
7.1.0.1
Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.1.0.1"
en
Affected
Cisco
Search vendor "Cisco"
Cisco Firepower Management Center
Search vendor "Cisco" for product "Cisco Firepower Management Center"
7.1.0.2
Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.1.0.2"
en
Affected
Cisco
Search vendor "Cisco"
Cisco Firepower Management Center
Search vendor "Cisco" for product "Cisco Firepower Management Center"
7.1.0.3
Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.1.0.3"
en
Affected
Cisco
Search vendor "Cisco"
Cisco Firepower Management Center
Search vendor "Cisco" for product "Cisco Firepower Management Center"
7.2.0
Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.2.0"
en
Affected
Cisco
Search vendor "Cisco"
Cisco Firepower Management Center
Search vendor "Cisco" for product "Cisco Firepower Management Center"
7.2.1
Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.2.1"
en
Affected
Cisco
Search vendor "Cisco"
Cisco Firepower Management Center
Search vendor "Cisco" for product "Cisco Firepower Management Center"
7.2.2
Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.2.2"
en
Affected
Cisco
Search vendor "Cisco"
Cisco Firepower Management Center
Search vendor "Cisco" for product "Cisco Firepower Management Center"
7.2.0.1
Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.2.0.1"
en
Affected
Cisco
Search vendor "Cisco"
Cisco Firepower Management Center
Search vendor "Cisco" for product "Cisco Firepower Management Center"
7.2.3
Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.2.3"
en
Affected
Cisco
Search vendor "Cisco"
Cisco Firepower Management Center
Search vendor "Cisco" for product "Cisco Firepower Management Center"
7.2.3.1
Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.2.3.1"
en
Affected
Cisco
Search vendor "Cisco"
Cisco Firepower Management Center
Search vendor "Cisco" for product "Cisco Firepower Management Center"
7.3.0
Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.3.0"
en
Affected
Cisco
Search vendor "Cisco"
Cisco Firepower Management Center
Search vendor "Cisco" for product "Cisco Firepower Management Center"
7.3.1
Search vendor "Cisco" for product "Cisco Firepower Management Center" and version "7.3.1"
en
Affected