A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Cisco
  • Secure Firewall Management Center

Configuration 1 [-]

OR cpe:2.3:a:cisco:secure_firewall_management_center:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2:*:*:*:*:*:*:*

No data.

References
Link Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inject-2EnmTC8v cve-icon cve-icon
History

Wed, 04 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Title Cisco Secure Firewall Management Center SQL Injection Vulnerability

Wed, 04 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system.  A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system.

Wed, 04 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
References

Wed, 04 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system. A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system. 

Fri, 01 Nov 2024 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco secure Firewall Management Center
CPEs cpe:2.3:a:cisco:secure_firewall_management_center:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2:*:*:*:*:*:*:*
Vendors & Products Cisco
Cisco secure Firewall Management Center

Thu, 24 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 23 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system.
Title Cisco Secure Firewall Management Center SQL Injection Vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-10-23T17:09:10.266Z

Updated: 2026-03-04T17:23:41.065Z

Reserved: 2023-11-08T15:08:07.642Z

Link: CVE-2024-20340

cve-icon Vulnrichment

Updated: 2024-10-23T18:51:53.342Z

cve-icon NVD

Status : Modified

Published: 2024-10-23T17:15:18.300

Modified: 2026-03-04T18:16:10.040

Link: CVE-2024-20340

cve-icon Redhat

No data.