{"vulnerability": "cve-2024-2047", "sightings": [{"uuid": "5894e254-bfdd-4189-ae9c-f06150bf5549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20476", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113436958765875113", "content": "", "creation_timestamp": "2024-11-06T16:30:32.734174Z"}, {"uuid": "01eb23b2-24a5-49ef-a960-611cf5912df5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20476", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113442108664352339", "content": "", "creation_timestamp": "2024-11-07T14:20:07.767982Z"}, {"uuid": "f50cd3fa-7f49-40d5-ad13-33579ea80e84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20476", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113442108664352339", "content": "", "creation_timestamp": "2024-11-07T14:20:08.282186Z"}, {"uuid": "01889d7b-2e87-4e0c-91a7-a608c7bc9c16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20476", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113442108664352339", "content": "", "creation_timestamp": "2024-11-07T14:20:08.678318Z"}, {"uuid": "d5c2cf42-f763-44dc-ab66-831716f1d2d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20471", "type": "seen", "source": "https://t.me/cvedetector/8754", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20471 - Cisco Secure Firewall Management Center (FMC) SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20471 \nPublished : Oct. 23, 2024, 6:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.  \n  \n This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T20:45:11.000000Z"}, {"uuid": "d28ceb45-5973-4d03-ae8f-452732eae6e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2047", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3miz3gn3by32q", "content": "", "creation_timestamp": "2026-04-08T20:00:16.863261Z"}, {"uuid": "4832d987-c6ac-4294-8c16-9d825f560520", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20474", "type": "seen", "source": "https://t.me/cvedetector/8752", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20474 - Cisco Secure Client IKEv2 Integer Underflow Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-20474 \nPublished : Oct. 23, 2024, 6:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client.  \n  \n This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software.  \n  \n Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T20:45:06.000000Z"}, {"uuid": "adc10e66-0d9f-4e42-8370-02bec7bc0212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20473", "type": "seen", "source": "https://t.me/cvedetector/8751", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20473 - Cisco Secure Firewall Management Center Web-Based Management Interface SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20473 \nPublished : Oct. 23, 2024, 6:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.  \n  \nThis vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T20:45:05.000000Z"}, {"uuid": "50fea9a6-69bf-40c1-904a-f5d56d94703c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20472", "type": "seen", "source": "https://t.me/cvedetector/8750", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20472 - Cisco Secure Firewall Management Center FMC SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20472 \nPublished : Oct. 23, 2024, 6:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.  \n  \nThis vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T20:45:05.000000Z"}, {"uuid": "8f5d9056-a646-4e93-b471-20e5b14e76fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20470", "type": "seen", "source": "https://t.me/cvedetector/6858", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20470 - \"Cisco Small Business RV Router Authenticated Remote Code Execution\"\", \n  \"Content\": \"CVE ID : CVE-2024-20470 \nPublished : Oct. 2, 2024, 5:15 p.m. | 23\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials.  \n  \nThis vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T19:42:47.000000Z"}, {"uuid": "9cfa4921-ed4a-4cb4-aa5e-be8498c37338", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20475", "type": "seen", "source": "https://t.me/cvedetector/6343", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20475 - \"Cisco Catalyst SD-WAN Manager Cross-Site Scripting (XSS)\"\", \n  \"Content\": \"CVE ID : CVE-2024-20475 \nPublished : Sept. 25, 2024, 5:15 p.m. | 35\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.  \n  \nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-25T20:13:15.000000Z"}, {"uuid": "3dfa297f-2b26-4a47-b9d1-f0836d5d86c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20477", "type": "seen", "source": "https://t.me/cvedetector/6854", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20477 - \"Cisco NDFC File Access Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-20477 \nPublished : Oct. 2, 2024, 5:15 p.m. | 23\u00a0minutes ago \nDescription : A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device.  \n  \nThis vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T19:42:43.000000Z"}, {"uuid": "7801de13-3dc9-4f49-98cc-f3b15b3eb959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20478", "type": "seen", "source": "https://t.me/cvedetector/4341", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20478 - Cisco APIC/Cisco Cloud Network Controller Signature Validation Arbitrary Code Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20478 \nPublished : Aug. 28, 2024, 5:15 p.m. | 45\u00a0minutes ago \nDescription : A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco\u00a0Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.  \n  \nThis vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.  \nNote: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-28T20:09:01.000000Z"}, {"uuid": "ef533db9-3045-48b8-82e6-f0fc2a71c163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20479", "type": "seen", "source": "https://t.me/cvedetector/2725", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20479 - Cisco ISE XSS Vulnerability (Authenticated Insufficient Input Validation)\", \n  \"Content\": \"CVE ID : CVE-2024-20479 \nPublished : Aug. 7, 2024, 5:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.  \n  \nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have Admin privileges on an affected device. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-07T20:19:53.000000Z"}]}