Information on products and software
Authorization, privilege, and access control vulnerability in Cisco Systems Cisco Secure Firewall Management Center
Summary

Cisco Secure Firewall Management Center from Cisco Systems contains a vulnerability related to authorization, privileges, and access control.

Possible impacts Information may be tampered with.
Solution

The vendor has released an official fix. Refer to the vendor information and apply the appropriate measures.

Publication Date May 22, 2024, midnight
Registration Date Aug. 8, 2025, 5:18 p.m.
Last Update Aug. 8, 2025, 5:18 p.m.
CVSS3.0 : Medium
Score 5.8
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Affected System
Cisco Systems
Cisco Secure Firewall Management Center 7.2.0
Cisco Secure Firewall Management Center 7.2.0.1
Cisco Secure Firewall Management Center 7.2.1
Cisco Secure Firewall Management Center 7.2.2
Cisco Secure Firewall Management Center 7.2.3
Cisco Secure Firewall Management Center 7.2.3.1
Cisco Secure Firewall Management Center 7.3.0
Cisco Secure Firewall Management Center 7.3.1
Cisco Secure Firewall Management Center 7.1.0
Cisco Secure Firewall Management Center 7.1.0.1
Cisco Secure Firewall Management Center 7.1.0.2
Cisco Secure Firewall Management Center 7.1.0.3
CVE (Common Vulnerabilities and Exposures)
CWE (Common Weakness Enumeration)
Vendor information
Change Log
No. | Changed Details | Date of change
1 | [August 8, 2025] Published | Aug. 8, 2025, 3:29 p.m.

NVD Vulnerability Information
CVE-2024-20361
Summary

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is rebooted following Object Groups for ACLs deployment, an attacker can exploit this vulnerability by sending traffic through the affected device. A successful exploit could allow the attacker to bypass configured access controls and successfully send traffic to devices that are expected to be protected by the affected device.

Publication Date May 23, 2024, 2:16 a.m.
Registration Date May 23, 2024, 10 a.m.
Last Update Nov. 21, 2024, 5:52 p.m.