A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.
This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device.
Metrics
Affected Vendors & Products
References
History
Tue, 05 Nov 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cisco firepower 1000
Cisco firepower 1010 Cisco firepower 1020 Cisco firepower 1030 Cisco firepower 1040 Cisco firepower 1120 Cisco firepower 1140 Cisco firepower 1150 Cisco firepower 2100 Cisco firepower 2110 Cisco firepower 2120 Cisco firepower 2130 Cisco firepower 2140 Cisco firepower 3105 Cisco firepower 3110 Cisco firepower 3120 Cisco firepower 3130 Cisco firepower 3140 Cisco firepower 4215 Cisco firepower 4225 Cisco firepower 4245 Cisco firepower Threat Defense |
|
Weaknesses | CWE-798 | |
CPEs | cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.2.4.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.2.5.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.2.5.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.4.1.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.4.1:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1020:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1030:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1040:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_3105:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_3110:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_3120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_3130:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_3140:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4215:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4225:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4245:-:*:*:*:*:*:*:* |
|
Vendors & Products |
Cisco firepower 1000
Cisco firepower 1010 Cisco firepower 1020 Cisco firepower 1030 Cisco firepower 1040 Cisco firepower 1120 Cisco firepower 1140 Cisco firepower 1150 Cisco firepower 2100 Cisco firepower 2110 Cisco firepower 2120 Cisco firepower 2130 Cisco firepower 2140 Cisco firepower 3105 Cisco firepower 3110 Cisco firepower 3120 Cisco firepower 3130 Cisco firepower 3140 Cisco firepower 4215 Cisco firepower 4225 Cisco firepower 4245 Cisco firepower Threat Defense |
Thu, 24 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cisco
Cisco firepower Threat Defense Software |
|
CPEs | cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:* | |
Vendors & Products |
Cisco
Cisco firepower Threat Defense Software |
|
Metrics |
ssvc
|
Wed, 23 Oct 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device. | |
Weaknesses | CWE-259 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-10-23T17:39:04.071Z
Updated: 2024-10-26T03:55:24.066Z
Reserved: 2023-11-08T15:08:07.663Z
Link: CVE-2024-20412
Vulnrichment
Updated: 2024-10-24T15:42:33.250Z
NVD
Status : Analyzed
Published: 2024-10-23T18:15:09.430
Modified: 2024-11-05T15:03:34.777
Link: CVE-2024-20412
Redhat
No data.