CVE-2024-20361

EUVD-2024-18076
A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is rebooted following Object Groups for ACLs deployment, an attacker can exploit this vulnerability by sending traffic through the affected device. A successful exploit could allow the attacker to bypass configured access controls and successfully send traffic to devices that are expected to be protected by the affected device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ciscoCNA
5.8 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
ciscosecure_firewall_management_center
7.1.0
ciscosecure_firewall_management_center
7.1.0.1
ciscosecure_firewall_management_center
7.1.0.2
ciscosecure_firewall_management_center
7.1.0.3
ciscosecure_firewall_management_center
7.2.0
ciscosecure_firewall_management_center
7.2.0.1
ciscosecure_firewall_management_center
7.2.1
ciscosecure_firewall_management_center
7.2.2
ciscosecure_firewall_management_center
7.2.3
ciscosecure_firewall_management_center
7.2.3.1
ciscosecure_firewall_management_center
7.3.0
ciscosecure_firewall_management_center
7.3.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ciscofirepower_management_center
7.1.0
CNA
ciscofirepower_management_center
7.1.0.1
CNA
ciscofirepower_management_center
7.1.0.2
CNA
ciscofirepower_management_center
7.1.0.3
CNA
ciscofirepower_management_center
7.2.0
CNA
ciscofirepower_management_center
7.2.1
CNA
ciscofirepower_management_center
7.2.2
CNA
ciscofirepower_management_center
7.2.0.1
CNA
ciscofirepower_management_center
7.2.3
CNA
ciscofirepower_management_center
7.2.3.1
CNA
ciscofirepower_management_center
7.3.0
CNA
ciscofirepower_management_center
7.3.1
CNA
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-object-bypass-fTH8tDjq
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-object-bypass-fTH8tDjq