CVE-2024-20424

Severity: Critical
Year: 2024
CVSS v3 Score: 9.9 (Critical)

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sending a crafted HTTP request to the device. A successful exploit could allow the attacker to execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit this vulnerability, the attacker would need valid credentials for a user account with at least the role of Security Analyst (Read Only).

CVSS: 9.9 (Critical)

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability...

CWE-78, Year: 2017

CVSS: 9.9 (Critical)

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP req...

CWE-78, Year: 2017

CVSS: 9.9 (Critical)

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attac...

CWE-78, Year: 2017

CVSS: 9.9 (Critical)

An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker ca...

CWE-78, Year: 2017

CVSS: 9.9 (Critical)

NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field).

CWE-78, Year: 2017

CVSS: 9.9 (Critical)

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP PO...

CWE-78, Year: 2017