Cisco Secure Firewall Management Center
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*
A SQL injection vulnerability has been identified in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software. This vulnerability allows an authenticated, remote attacker to manipulate database queries, potentially leading to unauthorized access to the database and certain files on the underlying operating system. The issue arises from insufficient validation of user input, and exploitation requires valid user credentials.
Exploitation of this vulnerability could grant the attacker full access to the database and the ability to read specific files from the operating system.
Cisco has released software updates to address this vulnerability. Instructions for upgrading to the fixed software version can be found on the Cisco Support and Downloads page. Customers without a Cisco service contract should contact the Cisco Technical Assistance Center (TAC) for assistance.