CVE-2025-20302

Medium CVSS: 4.3

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain.

This vulnerability is due to missing authorization checks. An attacker could exploit this vulnerability by directly accessing a generated report file for a different domain that is managed on the same Cisco Secure FMC instance. A successful exploit could allow the attacker to access a previously run report for a different domain, which could allow an attacker to read activity recorded in that domain.

Vendor

Cisco

Product

Secure Firewall Management Center

CWE

CWE-862

Yayın Tarihi

2025-08-14 17:15:40

Güncelleme

2025-08-25 14:41:00

Source Identifier

psirt@cisco.com

KEV Date Added

Kategoriler

CWE-862 Secure Firewall Management Center MEDIUM Cisco 2025

Referanslar

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-authz-bypass-M7xhnAu

Benzer Kayıtlar

Critical

CVE-2026-20131

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could al…

Medium

CVE-2026-20149

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting…

High

CVE-2026-20128

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticat…

Critical

CVE-2026-20129

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote a…

Medium

CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive infor…

Critical

CVE-2026-20127

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Cat…