CVE-2024-20388

Severity

53%

Complexity

39%

Confidentiality

23%

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.

CVSS 3.1 Base Score 5.3. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Overview

Type

Cisco

First reported 4 months ago

2024-10-23 18:15:00

Last updated 2 months ago

2024-11-26 16:09:00

Affected Software

Cisco Firepower Management Center (FMC) 6.2.3

6.2.3

Cisco FirePOWER Management Center 6.2.3.6

6.2.3.6

Cisco Firepower Management Center (FMC) 6.4.0

6.4.0

Cisco Firepower Management Center (FMC) 6.2.3.1

6.2.3.1

Cisco Firepower Management Center (FMC) 6.2.3.2

6.2.3.2

Cisco Firepower Management Center (FMC) 6.2.3.10

6.2.3.10

Cisco Firepower Management Center (FMC) 6.2.3.3

6.2.3.3

Cisco Firepower Management Center (FMC) 6.2.3.4

6.2.3.4

Cisco Firepower Management Center (FMC) 6.2.3.5

6.2.3.5

Cisco Firepower Management Center (FMC) 6.2.3.7

6.2.3.7

Cisco Firepower Management Center (FMC) 6.2.3.9

6.2.3.9

Cisco Firepower Management Center (FMC) 6.2.3.11

6.2.3.11

Cisco Firepower Management Center (FMC) 6.2.3.12

6.2.3.12

Cisco Firepower Management Center (FMC) 6.2.3.13

6.2.3.13

Cisco Firepower Management Center (FMC) 6.2.3.14

6.2.3.14

Cisco Firepower Management Center (FMC) 6.2.3.15

6.2.3.15

Cisco Firepower Management Center (FMC) 6.4.0.1

6.4.0.1

Cisco Firepower Management Center (FMC) 6.4.0.2

6.4.0.2

Cisco Firepower Management Center (FMC) 6.4.0.3

6.4.0.3

Cisco Firepower Management Center (FMC) 6.4.0.4

6.4.0.4

Cisco Firepower Management Center (FMC) 6.4.0.5

6.4.0.5

Cisco Firepower Management Center (FMC) 6.4.0.7

6.4.0.7

Cisco Firepower Management Center (FMC) 6.4.0.8

6.4.0.8

Cisco Firepower Threat Defense (FTD) 6.4.0.4

6.4.0.4

References

cisco-sa-fmc-xss-infodisc-RL4mJFer

cisco-sa-fmc-xss-infodisc-RL4mJFer

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.