CVE-2024-20388

July 4, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2024-20388
Type cve
Published 2024-10-23T17:35:24.772Z
Modified 2024-10-24T16:24:24.678Z

Product Information

Vendor Cisco
Product Cisco Firepower Management Center
Version 6.2.3

CVSS Information

Base Score 5.3 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

  • Cisco Cisco Firepower Management Center 6.2.3
  • Cisco Cisco Firepower Management Center 6.2.3.1
  • Cisco Cisco Firepower Management Center 6.2.3.2
  • Cisco Cisco Firepower Management Center 6.2.3.3
  • Cisco Cisco Firepower Management Center 6.2.3.4
  • Cisco Cisco Firepower Management Center 6.2.3.5
  • Cisco Cisco Firepower Management Center 6.2.3.6
  • Cisco Cisco Firepower Management Center 6.2.3.7
  • Cisco Cisco Firepower Management Center 6.2.3.9
  • Cisco Cisco Firepower Management Center 6.2.3.10
  • Cisco Cisco Firepower Management Center 6.2.3.11
  • Cisco Cisco Firepower Management Center 6.2.3.12
  • Cisco Cisco Firepower Management Center 6.2.3.13
  • Cisco Cisco Firepower Management Center 6.2.3.14
  • Cisco Cisco Firepower Management Center 6.2.3.15
  • Cisco Cisco Firepower Management Center 6.2.3.8
  • Cisco Cisco Firepower Management Center 6.2.3.16
  • Cisco Cisco Firepower Management Center 6.2.3.17
  • Cisco Cisco Firepower Management Center 6.2.3.18
  • Cisco Cisco Firepower Management Center 6.4.0
  • Cisco Cisco Firepower Management Center 6.4.0.1
  • Cisco Cisco Firepower Management Center 6.4.0.3
  • Cisco Cisco Firepower Management Center 6.4.0.2
  • Cisco Cisco Firepower Management Center 6.4.0.4
  • Cisco Cisco Firepower Management Center 6.4.0.5
  • Cisco Cisco Firepower Management Center 6.4.0.6
  • Cisco Cisco Firepower Management Center 6.4.0.7
  • Cisco Cisco Firepower Management Center 6.4.0.8
  • Cisco Cisco Firepower Management Center 6.4.0.9
  • Cisco Cisco Firepower Management Center 6.4.0.10
  • Cisco Cisco Firepower Management Center 6.4.0.11
  • Cisco Cisco Firepower Management Center 6.4.0.12
  • Cisco Cisco Firepower Management Center 6.4.0.13
  • Cisco Cisco Firepower Management Center 6.4.0.14
  • Cisco Cisco Firepower Management Center 6.4.0.15
  • Cisco Cisco Firepower Management Center 6.4.0.16
  • Cisco Cisco Firepower Management Center 6.4.0.17
  • Cisco Cisco Firepower Management Center 6.4.0.18
  • Cisco Cisco Firepower Management Center 6.6.0
  • Cisco Cisco Firepower Management Center 6.6.0.1
  • Cisco Cisco Firepower Management Center 6.6.1
  • Cisco Cisco Firepower Management Center 6.6.3
  • Cisco Cisco Firepower Management Center 6.6.4
  • Cisco Cisco Firepower Management Center 6.6.5
  • Cisco Cisco Firepower Management Center 6.6.5.1
  • Cisco Cisco Firepower Management Center 6.6.5.2
  • Cisco Cisco Firepower Management Center 6.6.7
  • Cisco Cisco Firepower Management Center 6.6.7.1
  • Cisco Cisco Firepower Management Center 6.6.7.2
  • Cisco Cisco Firepower Management Center 6.7.0
  • Cisco Cisco Firepower Management Center 6.7.0.1
  • Cisco Cisco Firepower Management Center 6.7.0.2
  • Cisco Cisco Firepower Management Center 6.7.0.3
  • Cisco Cisco Firepower Management Center 7.0.0
  • Cisco Cisco Firepower Management Center 7.0.0.1
  • Cisco Cisco Firepower Management Center 7.0.1
  • Cisco Cisco Firepower Management Center 7.0.1.1
  • Cisco Cisco Firepower Management Center 7.0.2
  • Cisco Cisco Firepower Management Center 7.0.2.1
  • Cisco Cisco Firepower Management Center 7.0.3
  • Cisco Cisco Firepower Management Center 7.0.4
  • Cisco Cisco Firepower Management Center 7.0.5
  • Cisco Cisco Firepower Management Center 7.0.6
  • Cisco Cisco Firepower Management Center 7.0.6.1
  • Cisco Cisco Firepower Management Center 7.0.6.2
  • Cisco Cisco Firepower Management Center 7.1.0
  • Cisco Cisco Firepower Management Center 7.1.0.1
  • Cisco Cisco Firepower Management Center 7.1.0.2
  • Cisco Cisco Firepower Management Center 7.1.0.3
  • Cisco Cisco Firepower Management Center 7.2.0
  • Cisco Cisco Firepower Management Center 7.2.1
  • Cisco Cisco Firepower Management Center 7.2.2
  • Cisco Cisco Firepower Management Center 7.2.0.1
  • Cisco Cisco Firepower Management Center 7.2.3
  • Cisco Cisco Firepower Management Center 7.2.3.1
  • Cisco Cisco Firepower Management Center 7.2.4
  • Cisco Cisco Firepower Management Center 7.2.4.1
  • Cisco Cisco Firepower Management Center 7.2.5
  • Cisco Cisco Firepower Management Center 7.2.5.1
  • Cisco Cisco Firepower Management Center 7.2.6
  • Cisco Cisco Firepower Management Center 7.2.7
  • Cisco Cisco Firepower Management Center 7.2.5.2
  • Cisco Cisco Firepower Management Center 7.2.8
  • Cisco Cisco Firepower Management Center 7.2.8.1
  • Cisco Cisco Firepower Management Center 7.3.0
  • Cisco Cisco Firepower Management Center 7.3.1
  • Cisco Cisco Firepower Management Center 7.3.1.1
  • Cisco Cisco Firepower Management Center 7.3.1.2
  • Cisco Cisco Firepower Management Center 7.4.0
  • Cisco Cisco Firepower Management Center 7.4.1
  • Cisco Cisco Firepower Management Center 7.4.1.1
  • Cisco Cisco Firepower Threat Defense Software 6.6.5.1
  • Cisco Cisco Firepower Threat Defense Software 6.6.7
  • Cisco Cisco Firepower Threat Defense Software 6.4.0.4
  • Cisco Cisco Firepower Threat Defense Software 6.4.0.10
  • Cisco Cisco Firepower Threat Defense Software 6.4.0.12
  • Cisco Cisco Firepower Threat Defense Software 6.4.0.14
  • Cisco Cisco Firepower Threat Defense Software 6.4.0.16
  • Cisco Cisco Firepower Threat Defense Software 6.4.0.18
  • Cisco Cisco Firepower Threat Defense Software 6.7.0.2
  • Cisco Cisco Firepower Threat Defense Software 7.1.0.1
  • Cisco Cisco Firepower Threat Defense Software 7.1.0.3
  • Cisco Cisco Firepower Threat Defense Software 7.2.2
  • Cisco Cisco Firepower Threat Defense Software 7.4.1

Additional Information

Source cisco

Description

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.

This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.