CVE-2024-20374

6.5 MEDIUM

📋 TL;DR

This vulnerability allows authenticated administrators in Cisco Secure Firewall Management Center to execute arbitrary commands as root via crafted HTTP requests due to insufficient input validation. It affects Cisco FMC software with web-based management interfaces. Attackers need administrator credentials to exploit this command injection flaw.

💻 Affected Systems

Products:
  • Cisco Secure Firewall Management Center (FMC)
  • Firepower Management Center
Versions: Specific versions listed in Cisco advisory; check vendor documentation
Operating Systems: Cisco FMC appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires web management interface access and administrator credentials

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with root-level command execution, allowing data theft, lateral movement, or persistent backdoor installation.

🟠 Likely Case

Privileged attacker with legitimate credentials executes commands to exfiltrate configuration data, modify firewall rules, or disrupt operations.

🟢 If Mitigated

Limited impact due to strong credential protection, network segmentation, and monitoring preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Cisco advisory for specific fixed versions

Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-2HBkA97G

Restart Required: Yes

Instructions:

  1. Review the Cisco advisory for affected versions.
  2. Download and apply the appropriate patch from Cisco.
  3. Restart FMC services as required.
  4. Verify patch installation.

🔧 Temporary Workarounds

Restrict administrative access (applies to: all)

Limit administrative interface access to trusted IP addresses only. Configure firewall rules to restrict access to the FMC management interface.

Credential hardening (applies to: all)

Implement strong password policies and multi-factor authentication for administrative accounts. Enable MFA in Cisco FMC administration settings.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate FMC management interfaces
  • Enhance monitoring and alerting for unusual administrative activities

🔍 How to Verify

Check if Vulnerable:

Check Cisco FMC software version against affected versions in Cisco advisory

Check Version:

Check the version in the FMC web interface or via the CLI command: show version

Verify Fix Applied:

Verify that the installed version matches or exceeds the patched version given in the Cisco advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to management interface
  • Unexpected command execution logs
  • Administrative account anomalies

Network Indicators:

  • Suspicious HTTP traffic patterns to FMC management ports
  • Unexpected outbound connections from FMC

SIEM Query:

Search for HTTP requests with unusual parameters to the FMC management interface originating from administrative accounts.
