CVE-2024-20412

Published: Oct 23, 2024Modified: Nov 5, 2024

8.4

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.5 / Impact: 5.9

Source: NVD

Description

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device.

Affected (23)

Products: Cisco: Firepower Threat Defense

Cisco

1 product

Firepower Threat Defense

Configuration A

23 vulnerable · 21 platform

Vulnerable Software	Affected Versions
Cisco Firepower Threat Defense	Version 7.1.0.1
Cisco Firepower Threat Defense	Version 7.1.0.2
Cisco Firepower Threat Defense	Version 7.1.0.3
Cisco Firepower Threat Defense	Version 7.1.0
Cisco Firepower Threat Defense	Version 7.2.0.1
Cisco Firepower Threat Defense	Version 7.2.0
Cisco Firepower Threat Defense	Version 7.2.1
Cisco Firepower Threat Defense	Version 7.2.2
Cisco Firepower Threat Defense	Version 7.2.3
Cisco Firepower Threat Defense	Version 7.2.4.1
Cisco Firepower Threat Defense	Version 7.2.4
Cisco Firepower Threat Defense	Version 7.2.5.1
Cisco Firepower Threat Defense	Version 7.2.5.2
Cisco Firepower Threat Defense	Version 7.2.5
Cisco Firepower Threat Defense	Version 7.2.6
Cisco Firepower Threat Defense	Version 7.2.7
Cisco Firepower Threat Defense	Version 7.3.0
Cisco Firepower Threat Defense	Version 7.3.1.1
Cisco Firepower Threat Defense	Version 7.3.1.2
Cisco Firepower Threat Defense	Version 7.3.1
Cisco Firepower Threat Defense	Version 7.4.0
Cisco Firepower Threat Defense	Version 7.4.1.1
Cisco Firepower Threat Defense	Version 7.4.1

Running on/with	Platform Versions
Cisco Firepower 1000	All versions
Cisco Firepower 1010	All versions
Cisco Firepower 1020	All versions
Cisco Firepower 1030	All versions
Cisco Firepower 1040	All versions
Cisco Firepower 1120	All versions
Cisco Firepower 1140	All versions
Cisco Firepower 1150	All versions
Cisco Firepower 2100	All versions
Cisco Firepower 2110	All versions
Cisco Firepower 2120	All versions
Cisco Firepower 2130	All versions
Cisco Firepower 2140	All versions
Cisco Firepower 3105	All versions
Cisco Firepower 3110	All versions
Cisco Firepower 3120	All versions
Cisco Firepower 3130	All versions
Cisco Firepower 3140	All versions
Cisco Firepower 4215	All versions
Cisco Firepower 4225	All versions
Cisco Firepower 4245	All versions

Related CWEs

CWE-259

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.