Cisco FMC (formerly Firepower Management Center) vulnerability CVE-2024-20424 allows root command execution remotely, posing a severe security risk. Take action now to secure your systems.

Greenwill Solution is notifying organizations of a critical vulnerability in Cisco Secure Firewall Management Center (FMC), formerly known as Firepower Management Center. Identified as CVE-2024-20424, this vulnerability has a CVSS score of 9.9, indicating a severe risk. The flaw allows authenticated remote attackers with at least Security Analyst (Read Only) privileges to execute arbitrary commands as root on the underlying operating system. Due to inadequate input validation in the FMC’s web-based management interface, attackers can exploit this vulnerability by sending crafted HTTP requests.

Vulnerable Versions and SolutionThis vulnerability affects Cisco FMC Software, regardless of device configuration. To address this issue, Cisco has released its Cisco Software Checker tool, enabling users to identify impacted versions and determine the fixed release. Access the tool here to verify your version status and refer to Cisco’s Security Advisory for further details.

Upgrading to a secure version is highly recommended to prevent attackers from exploiting this vulnerability. Greenwill Solution offers Patch Management services to support organizations in securing critical vulnerabilities effectively. Contact us today to schedule a consultation and protect your infrastructure from this significant threat.