Cisco Firepower and Multiple Critical Vulnerabilities

Thursday 24th October 2024

Summary

Today and yesterday, Cisco published its latest security advisories, covering 3 critical vulnerabilities and 35 of lower severity.

The most severe advisories are as follows:

Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability – CVE-2024-20412 (CVSS v3: 9.3 [Critical]) – A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.

Cisco Secure Firewall Management Center Software Command Injection Vulnerability – CVE-2024-20424 (CVSS v3: 9.9 [Critical]) – A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root.

Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability – CVE-2024-20329 (CVSS v3: 9.9 [Critical]) – A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root.

Recommendations

Spotit recommends deploying the latest software updates to affected products. Devices managed by the Spotit NOC will be updated by Spotit.