CVE-2024-20388 — MEDIUM (5.3)

Vulnerability Description

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Firepower Management Center	6.4.0.17
Cisco	Secure Firewall Management Center	6.2.3
Cisco	Firepower Threat Defense	6.4.0.4

Related Weaknesses (CWE)

CWE-202

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory

FAQ

What is CVE-2024-20388?

CVE-2024-20388 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. ...

How severe is CVE-2024-20388?

CVE-2024-20388 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-20388?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Firepower Management Center, Cisco Secure Firewall Management Center, Cisco Firepower Threat Defense.