Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for firepower_management_center by cisco

    CVE-2024-20415 (GCVE-0-2024-20415)

    Vulnerability from nvd – Published: 2024-10-23 17:46 – Updated: 2024-10-23 20:54
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20415",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T20:54:49.796489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T20:54:58.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:46:02.736Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-dhJxQYZs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-dhJxQYZs",
            "defects": [
              "CSCwi61058"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20415",
        "datePublished": "2024-10-23T17:46:02.736Z",
        "dateReserved": "2023-11-08T15:08:07.663Z",
        "dateUpdated": "2024-10-23T20:54:58.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20410 (GCVE-0-2024-20410)

    Vulnerability from nvd – Published: 2024-10-23 17:38 – Updated: 2024-10-24 17:46
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20410",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:39:45.491201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T17:46:41.091Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:38:43.124Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-dhJxQYZs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-dhJxQYZs",
            "defects": [
              "CSCwj11119"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20410",
        "datePublished": "2024-10-23T17:38:43.124Z",
        "dateReserved": "2023-11-08T15:08:07.662Z",
        "dateUpdated": "2024-10-24T17:46:41.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20409 (GCVE-0-2024-20409)

    Vulnerability from nvd – Published: 2024-10-23 17:38 – Updated: 2024-10-24 17:46
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Affected: 7.4.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20409",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:39:47.027719Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T17:46:51.825Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:38:10.132Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-dhJxQYZs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-dhJxQYZs",
            "defects": [
              "CSCwj77284"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20409",
        "datePublished": "2024-10-23T17:38:10.132Z",
        "dateReserved": "2023-11-08T15:08:07.661Z",
        "dateUpdated": "2024-10-24T17:46:51.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20403 (GCVE-0-2024-20403)

    Vulnerability from nvd – Published: 2024-10-23 17:36 – Updated: 2024-10-24 17:47
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Affected: 7.4.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20403",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:39:49.726716Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T17:47:15.288Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:36:14.821Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-dhJxQYZs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-dhJxQYZs",
            "defects": [
              "CSCwi85823"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20403",
        "datePublished": "2024-10-23T17:36:14.821Z",
        "dateReserved": "2023-11-08T15:08:07.660Z",
        "dateUpdated": "2024-10-24T17:47:15.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20388 (GCVE-0-2024-20388)

    Vulnerability from nvd – Published: 2024-10-23 17:35 – Updated: 2024-10-24 16:24
    VLAI
    Summary
    A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-202 - Exposure of Sensitive Information Through Data Queries
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Cisco Cisco Firepower Threat Defense Software Affected: 6.6.5.1
    Affected: 6.6.7
    Affected: 6.4.0.4
    Affected: 6.4.0.10
    Affected: 6.4.0.12
    Affected: 6.4.0.14
    Affected: 6.4.0.16
    Affected: 6.4.0.18
    Affected: 6.7.0.2
    Affected: 7.1.0.1
    Affected: 7.1.0.3
    Affected: 7.2.2
    Affected: 7.4.1
    Create a notification for this product.
    cisco firepower_management_center Affected: 6.2.3 , ≤ 6.2.3.18 (custom)
    Affected: 6.4.0 , ≤ 6.4.0.18 (custom)
    Affected: 6.6.0 , ≤ 6.6.7.2 (custom)
    Affected: 6.7.0 , ≤ 6.7.0.3 (custom)
    Affected: 7.0.0 , ≤ 7.0.6.2 (custom)
    Affected: 7.1.0 , ≤ 7.1.0.3 (custom)
    Affected: 7.2.0 , ≤ 7.2.8.1 (custom)
    Affected: 7.3.0 , ≤ 7.3.1.2 (custom)
    Affected: 7.4.0 , ≤ 7.4.1.1 (custom)
        cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco firepower_threat_defense_software Affected: 6.4.0.4 , ≤ 6.4.0.18 (custom)
    Affected: 6.6.5.1 , ≤ 6.6.7 (custom)
    Affected: 6.7.0.2
    Affected: 7.1.0.1 , ≤ 7.1.0.3 (custom)
    Affected: 7.2.2
    Affected: 7.4.1
        cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "firepower_management_center",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "6.2.3.18",
                    "status": "affected",
                    "version": "6.2.3",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.4.0.18",
                    "status": "affected",
                    "version": "6.4.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.6.7.2",
                    "status": "affected",
                    "version": "6.6.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.7.0.3",
                    "status": "affected",
                    "version": "6.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.0.6.2",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.1.0.3",
                    "status": "affected",
                    "version": "7.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.2.8.1",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.3.1.2",
                    "status": "affected",
                    "version": "7.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.4.1.1",
                    "status": "affected",
                    "version": "7.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "firepower_threat_defense_software",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.18",
                    "status": "affected",
                    "version": "6.4.0.4",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.6.7",
                    "status": "affected",
                    "version": "6.6.5.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "6.7.0.2"
                  },
                  {
                    "lessThanOrEqual": "7.1.0.3",
                    "status": "affected",
                    "version": "7.1.0.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "7.2.2"
                  },
                  {
                    "status": "affected",
                    "version": "7.4.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:45:56.491861Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T16:24:24.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            },
            {
              "product": "Cisco Firepower Threat Defense Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.\r\n\r This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-202",
                  "description": "Exposure of Sensitive Information Through Data Queries",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:35:24.772Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-infodisc-RL4mJFer",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-infodisc-RL4mJFer",
            "defects": [
              "CSCwj03056"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20388",
        "datePublished": "2024-10-23T17:35:24.772Z",
        "dateReserved": "2023-11-08T15:08:07.658Z",
        "dateUpdated": "2024-10-24T16:24:24.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20387 (GCVE-0-2024-20387)

    Vulnerability from nvd – Published: 2024-10-23 17:34 – Updated: 2024-10-24 17:01
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T17:01:27.605090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T17:01:38.658Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:34:18.768Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-infodisc-RL4mJFer",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-infodisc-RL4mJFer",
            "defects": [
              "CSCwi99692"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20387",
        "datePublished": "2024-10-23T17:34:18.768Z",
        "dateReserved": "2023-11-08T15:08:07.658Z",
        "dateUpdated": "2024-10-24T17:01:38.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20386 (GCVE-0-2024-20386)

    Vulnerability from nvd – Published: 2024-10-23 17:33 – Updated: 2024-10-24 17:47
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20386",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:39:51.098498Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T17:47:24.943Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:33:02.801Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-dhJxQYZs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-dhJxQYZs",
            "defects": [
              "CSCwj19632"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20386",
        "datePublished": "2024-10-23T17:33:02.801Z",
        "dateReserved": "2023-11-08T15:08:07.658Z",
        "dateUpdated": "2024-10-24T17:47:24.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20379 (GCVE-0-2024-20379)

    Vulnerability from nvd – Published: 2024-10-23 17:30 – Updated: 2024-10-23 19:40
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-36 - Absolute Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:46:31.621999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T19:40:09.040Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-36",
                  "description": "Absolute Path Traversal",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:30:52.502Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-file-read-5q4mQRn",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-file-read-5q4mQRn",
            "defects": [
              "CSCwi78547"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20379",
        "datePublished": "2024-10-23T17:30:52.502Z",
        "dateReserved": "2023-11-08T15:08:07.656Z",
        "dateUpdated": "2024-10-23T19:40:09.040Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20372 (GCVE-0-2024-20372)

    Vulnerability from nvd – Published: 2024-10-23 17:29 – Updated: 2024-10-24 17:47
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:39:53.652335Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T17:47:41.964Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:29:39.644Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-dhJxQYZs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-dhJxQYZs",
            "defects": [
              "CSCwi78593",
              "CSCwi78594"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20372",
        "datePublished": "2024-10-23T17:29:39.644Z",
        "dateReserved": "2023-11-08T15:08:07.654Z",
        "dateUpdated": "2024-10-24T17:47:41.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20415 (GCVE-0-2024-20415)

    Vulnerability from cvelistv5 – Published: 2024-10-23 17:46 – Updated: 2024-10-23 20:54
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20415",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T20:54:49.796489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T20:54:58.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:46:02.736Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-dhJxQYZs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-dhJxQYZs",
            "defects": [
              "CSCwi61058"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20415",
        "datePublished": "2024-10-23T17:46:02.736Z",
        "dateReserved": "2023-11-08T15:08:07.663Z",
        "dateUpdated": "2024-10-23T20:54:58.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20410 (GCVE-0-2024-20410)

    Vulnerability from cvelistv5 – Published: 2024-10-23 17:38 – Updated: 2024-10-24 17:46
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20410",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:39:45.491201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T17:46:41.091Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:38:43.124Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-dhJxQYZs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-dhJxQYZs",
            "defects": [
              "CSCwj11119"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20410",
        "datePublished": "2024-10-23T17:38:43.124Z",
        "dateReserved": "2023-11-08T15:08:07.662Z",
        "dateUpdated": "2024-10-24T17:46:41.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20409 (GCVE-0-2024-20409)

    Vulnerability from cvelistv5 – Published: 2024-10-23 17:38 – Updated: 2024-10-24 17:46
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Affected: 7.4.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20409",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:39:47.027719Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T17:46:51.825Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:38:10.132Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-dhJxQYZs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-dhJxQYZs",
            "defects": [
              "CSCwj77284"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20409",
        "datePublished": "2024-10-23T17:38:10.132Z",
        "dateReserved": "2023-11-08T15:08:07.661Z",
        "dateUpdated": "2024-10-24T17:46:51.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20403 (GCVE-0-2024-20403)

    Vulnerability from cvelistv5 – Published: 2024-10-23 17:36 – Updated: 2024-10-24 17:47
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Affected: 7.4.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20403",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:39:49.726716Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T17:47:15.288Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:36:14.821Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-dhJxQYZs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-dhJxQYZs",
            "defects": [
              "CSCwi85823"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20403",
        "datePublished": "2024-10-23T17:36:14.821Z",
        "dateReserved": "2023-11-08T15:08:07.660Z",
        "dateUpdated": "2024-10-24T17:47:15.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20388 (GCVE-0-2024-20388)

    Vulnerability from cvelistv5 – Published: 2024-10-23 17:35 – Updated: 2024-10-24 16:24
    VLAI
    Summary
    A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-202 - Exposure of Sensitive Information Through Data Queries
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Cisco Cisco Firepower Threat Defense Software Affected: 6.6.5.1
    Affected: 6.6.7
    Affected: 6.4.0.4
    Affected: 6.4.0.10
    Affected: 6.4.0.12
    Affected: 6.4.0.14
    Affected: 6.4.0.16
    Affected: 6.4.0.18
    Affected: 6.7.0.2
    Affected: 7.1.0.1
    Affected: 7.1.0.3
    Affected: 7.2.2
    Affected: 7.4.1
    Create a notification for this product.
    cisco firepower_management_center Affected: 6.2.3 , ≤ 6.2.3.18 (custom)
    Affected: 6.4.0 , ≤ 6.4.0.18 (custom)
    Affected: 6.6.0 , ≤ 6.6.7.2 (custom)
    Affected: 6.7.0 , ≤ 6.7.0.3 (custom)
    Affected: 7.0.0 , ≤ 7.0.6.2 (custom)
    Affected: 7.1.0 , ≤ 7.1.0.3 (custom)
    Affected: 7.2.0 , ≤ 7.2.8.1 (custom)
    Affected: 7.3.0 , ≤ 7.3.1.2 (custom)
    Affected: 7.4.0 , ≤ 7.4.1.1 (custom)
        cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco firepower_threat_defense_software Affected: 6.4.0.4 , ≤ 6.4.0.18 (custom)
    Affected: 6.6.5.1 , ≤ 6.6.7 (custom)
    Affected: 6.7.0.2
    Affected: 7.1.0.1 , ≤ 7.1.0.3 (custom)
    Affected: 7.2.2
    Affected: 7.4.1
        cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "firepower_management_center",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "6.2.3.18",
                    "status": "affected",
                    "version": "6.2.3",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.4.0.18",
                    "status": "affected",
                    "version": "6.4.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.6.7.2",
                    "status": "affected",
                    "version": "6.6.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.7.0.3",
                    "status": "affected",
                    "version": "6.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.0.6.2",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.1.0.3",
                    "status": "affected",
                    "version": "7.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.2.8.1",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.3.1.2",
                    "status": "affected",
                    "version": "7.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.4.1.1",
                    "status": "affected",
                    "version": "7.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "firepower_threat_defense_software",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.18",
                    "status": "affected",
                    "version": "6.4.0.4",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.6.7",
                    "status": "affected",
                    "version": "6.6.5.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "6.7.0.2"
                  },
                  {
                    "lessThanOrEqual": "7.1.0.3",
                    "status": "affected",
                    "version": "7.1.0.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "7.2.2"
                  },
                  {
                    "status": "affected",
                    "version": "7.4.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:45:56.491861Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T16:24:24.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            },
            {
              "product": "Cisco Firepower Threat Defense Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.\r\n\r This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-202",
                  "description": "Exposure of Sensitive Information Through Data Queries",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:35:24.772Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-infodisc-RL4mJFer",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-infodisc-RL4mJFer",
            "defects": [
              "CSCwj03056"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20388",
        "datePublished": "2024-10-23T17:35:24.772Z",
        "dateReserved": "2023-11-08T15:08:07.658Z",
        "dateUpdated": "2024-10-24T16:24:24.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20387 (GCVE-0-2024-20387)

    Vulnerability from cvelistv5 – Published: 2024-10-23 17:34 – Updated: 2024-10-24 17:01
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T17:01:27.605090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T17:01:38.658Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:34:18.768Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-infodisc-RL4mJFer",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-infodisc-RL4mJFer",
            "defects": [
              "CSCwi99692"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20387",
        "datePublished": "2024-10-23T17:34:18.768Z",
        "dateReserved": "2023-11-08T15:08:07.658Z",
        "dateUpdated": "2024-10-24T17:01:38.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20386 (GCVE-0-2024-20386)

    Vulnerability from cvelistv5 – Published: 2024-10-23 17:33 – Updated: 2024-10-24 17:47
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20386",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:39:51.098498Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T17:47:24.943Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:33:02.801Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-dhJxQYZs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-dhJxQYZs",
            "defects": [
              "CSCwj19632"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20386",
        "datePublished": "2024-10-23T17:33:02.801Z",
        "dateReserved": "2023-11-08T15:08:07.658Z",
        "dateUpdated": "2024-10-24T17:47:24.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20379 (GCVE-0-2024-20379)

    Vulnerability from cvelistv5 – Published: 2024-10-23 17:30 – Updated: 2024-10-23 19:40
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-36 - Absolute Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:46:31.621999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T19:40:09.040Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-36",
                  "description": "Absolute Path Traversal",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:30:52.502Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-file-read-5q4mQRn",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-file-read-5q4mQRn",
            "defects": [
              "CSCwi78547"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20379",
        "datePublished": "2024-10-23T17:30:52.502Z",
        "dateReserved": "2023-11-08T15:08:07.656Z",
        "dateUpdated": "2024-10-23T19:40:09.040Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20372 (GCVE-0-2024-20372)

    Vulnerability from cvelistv5 – Published: 2024-10-23 17:29 – Updated: 2024-10-24 17:47
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.9
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.8
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.4.0.15
    Affected: 6.4.0.16
    Affected: 6.4.0.17
    Affected: 6.4.0.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.6.7
    Affected: 6.6.7.1
    Affected: 6.6.7.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.0.5
    Affected: 7.0.6
    Affected: 7.0.6.1
    Affected: 7.0.6.2
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Affected: 7.1.0.3
    Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.2.2
    Affected: 7.2.0.1
    Affected: 7.2.3
    Affected: 7.2.3.1
    Affected: 7.2.4
    Affected: 7.2.4.1
    Affected: 7.2.5
    Affected: 7.2.5.1
    Affected: 7.2.6
    Affected: 7.2.7
    Affected: 7.2.5.2
    Affected: 7.2.8
    Affected: 7.2.8.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.3.1.1
    Affected: 7.3.1.2
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:39:53.652335Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T17:47:41.964Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.15"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.16"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.17"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.6.7"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.7.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.6"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.4"
                },
                {
                  "status": "affected",
                  "version": "7.2.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.6"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.2.8.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T17:29:39.644Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmc-xss-dhJxQYZs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmc-xss-dhJxQYZs",
            "defects": [
              "CSCwi78593",
              "CSCwi78594"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20372",
        "datePublished": "2024-10-23T17:29:39.644Z",
        "dateReserved": "2023-11-08T15:08:07.654Z",
        "dateUpdated": "2024-10-24T17:47:41.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }