CVE-2024-20273

6.1 MEDIUM

📋 TL;DR

An unauthenticated cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) allows a remote attacker to inject malicious script into pages served by the interface. When an administrator views an affected page, this could lead to session hijacking, data theft, or unauthorized actions performed with the administrator's privileges. All organizations running vulnerable FMC versions are affected.

💻 Affected Systems

Products:
  • Cisco Firepower Management Center
Versions: Multiple versions prior to 7.4.1.2 and 7.6.0.1
Operating Systems: Cisco FMC appliances and virtual appliances
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable if using affected software versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attacker gains administrative access to FMC, modifies firewall rules, exfiltrates sensitive network data, or deploys malware across managed devices.

🟠 Likely Case: Attacker steals administrator session cookies, gains unauthorized access to the management interface, and performs limited configuration changes.

🟢 If Mitigated: With proper network segmentation and access controls, impact is limited to the management interface without compromising core network security functions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires tricking an authenticated user into following a crafted link or submitting crafted input to the FMC web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.4.1.2 or 7.6.0.1

Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO

Restart Required: Yes

Instructions:

1. Back up the FMC configuration.
2. Download the appropriate patch from the Cisco Software Center.
3. Apply the patch via the FMC web interface or CLI.
4. Reboot the system after patch installation.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all)

Restrict access to the FMC web interface to trusted IP addresses only.

Browser Security Controls (applies to: all)

Implement Content Security Policy headers and disable JavaScript for untrusted sources.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate FMC from untrusted networks
  • Require multi-factor authentication for all administrative access

🔍 How to Verify

Check if Vulnerable:

Check the FMC version via the web interface: System > Updates > Version Information

Check Version (CLI):

show version

Verify Fix Applied:

Verify that the version is 7.4.1.2 or 7.6.0.1 or later after patching.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests with script tags to FMC interface
  • Multiple failed login attempts followed by successful access from new IP

Network Indicators:

  • HTTP traffic to FMC containing suspicious JavaScript payloads
  • Outbound connections from FMC to unexpected external IPs

SIEM Query:

source="fmc.log" AND (http_uri="*<script*" OR http_uri="*javascript:*")
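The SIEM query above matches the literal strings `<script` and `javascript:` in the request URI. The following Python script is an added example (not Cisco's code and not part of this advisory) that applies the same two indicators to web-access log lines, but URL-decodes the URI first so that percent-encoded and double-encoded variants, which a literal string match misses, are also flagged. The log line format, the client IPs and the request paths are constructed placeholders and do not represent FMC's real log format or paths.

```python
"""Constructed detection example for the advisory's log indicators.

Applies the two patterns from the SIEM query ("<script" and "javascript:")
to sample access-log lines after URL-decoding the request URI. The log
format parsed here is an assumption (a generic access-log style), not the
actual FMC log format.
"""
import re
from urllib.parse import unquote

# Assumed log format: client_ip [timestamp] "METHOD URI HTTP/x" status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)

# Indicators taken from the advisory's SIEM query, matched case-insensitively
INDICATORS = (
    re.compile(r"<script", re.IGNORECASE),
    re.compile(r"javascript:", re.IGNORECASE),
)


def decode_uri(uri: str) -> str:
    """URL-decode repeatedly (bounded) so double-encoded input is normalised."""
    for _ in range(3):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def classify(line: str):
    """Return (ip, decoded_uri, indicator) when a line matches, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None  # unparseable line: not this detector's job
    uri = decode_uri(m.group("uri"))
    for pattern in INDICATORS:
        if pattern.search(uri):
            return (m.group("ip"), uri, pattern.pattern)
    return None


def scan(lines):
    """Run classify() over an iterable of log lines and return all hits."""
    return [hit for hit in (classify(line) for line in lines) if hit]


# Constructed sample lines: IPs are documentation ranges, paths are placeholders
SAMPLE_LOG = [
    '203.0.113.7 [10/Jan/2024:12:00:01 +0000] "GET /login.cgi HTTP/1.1" 200',
    '203.0.113.7 [10/Jan/2024:12:00:05 +0000] "GET /search?q=%3Cscript%3E HTTP/1.1" 200',
    '198.51.100.9 [10/Jan/2024:12:01:11 +0000] "GET /page?next=JAVASCRIPT:void(0) HTTP/1.1" 302',
    '198.51.100.9 [10/Jan/2024:12:02:00 +0000] "GET /help?topic=%253Cscript%253E HTTP/1.1" 200',
    '192.0.2.3 [10/Jan/2024:12:03:00 +0000] "POST /api/config HTTP/1.1" 200',
]

if __name__ == "__main__":
    for ip, uri, indicator in scan(SAMPLE_LOG):
        print(f"ALERT client={ip} indicator={indicator!r} uri={uri}")
```

Of the five constructed lines, the first and last are benign and the other three are flagged: the plain percent-encoded `<script>`, the upper-cased `JAVASCRIPT:` scheme, and the double-encoded `%253Cscript%253E`, the last of which the literal SIEM query would not match. Treat hits as a trigger for review of the source IP's other activity rather than as proof of compromise, since security scanners also send these strings.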
