{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20412", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.663Z", "datePublished": "2024-10-23T17:39:04.071Z", "dateUpdated": "2024-10-26T03:55:24.066Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-10-23T17:39:04.071Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.\r\n\r This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device."}], "affected": [{"vendor": "Cisco", "product": "Cisco Firepower Threat Defense Software", "versions": [{"version": "7.1.0", "status": "affected"}, {"version": "7.1.0.1", "status": "affected"}, {"version": "7.1.0.2", "status": "affected"}, {"version": "7.1.0.3", "status": "affected"}, {"version": "7.2.0", "status": "affected"}, {"version": "7.2.0.1", "status": "affected"}, {"version": "7.2.1", "status": "affected"}, {"version": "7.2.2", "status": "affected"}, {"version": "7.2.3", "status": "affected"}, {"version": "7.2.4", "status": "affected"}, {"version": "7.2.4.1", "status": "affected"}, {"version": "7.2.5", "status": "affected"}, {"version": "7.2.5.1", "status": "affected"}, {"version": "7.2.6", "status": "affected"}, {"version": "7.2.7", "status": "affected"}, {"version": "7.2.5.2", "status": "affected"}, {"version": "7.3.0", "status": "affected"}, {"version": "7.3.1", "status": "affected"}, {"version": "7.3.1.1", "status": "affected"}, {"version": "7.3.1.2", "status": "affected"}, {"version": "7.4.0", "status": "affected"}, {"version": "7.4.1", "status": "affected"}, {"version": "7.4.1.1", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use of Hard-coded Password", "type": "cwe", "cweId": "CWE-259"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5", "name": "cisco-sa-ftd-statcred-dFC8tXT5"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-ftd-statcred-dFC8tXT5", "discovery": "INTERNAL", "defects": ["CSCwk07982"]}}, "adp": [{"affected": [{"vendor": "cisco", "product": "firepower_threat_defense_software", "cpes": ["cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.1.0", "status": "affected", "lessThanOrEqual": "7.1.0.3", "versionType": "custom"}, {"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.7", "versionType": "custom"}, {"version": "7.3.0", "status": "affected", "lessThanOrEqual": "7.3.1.2", "versionType": "custom"}, {"version": "7.4.0", "status": "affected", "lessThanOrEqual": "7.4.1.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-25T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-20412"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-26T03:55:24.066Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20412", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-23T18:41:13.028528Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "firepower_threat_defense_software", "versions": [{"status": "affected", "version": "7.1.0", "versionType": "custom", "lessThanOrEqual": "7.1.0.3"}, {"status": "affected", "version": "7.2.0", "versionType": "custom", "lessThanOrEqual": "7.2.7"}, {"status": "affected", "version": "7.3.0", "versionType": "custom", "lessThanOrEqual": "7.3.1.2"}, {"status": "affected", "version": "7.4.0", "versionType": "custom", "lessThanOrEqual": "7.4.1.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-24T15:42:33.250Z"}}], "cna": {"source": {"defects": ["CSCwk07982"], "advisory": "cisco-sa-ftd-statcred-dFC8tXT5", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Firepower Threat Defense Software", "versions": [{"status": "affected", "version": "7.1.0"}, {"status": "affected", "version": "7.1.0.1"}, {"status": "affected", "version": "7.1.0.2"}, {"status": "affected", "version": "7.1.0.3"}, {"status": "affected", "version": "7.2.0"}, {"status": "affected", "version": "7.2.0.1"}, {"status": "affected", "version": "7.2.1"}, {"status": "affected", "version": "7.2.2"}, {"status": "affected", "version": "7.2.3"}, {"status": "affected", "version": "7.2.4"}, {"status": "affected", "version": "7.2.4.1"}, {"status": "affected", "version": "7.2.5"}, {"status": "affected", "version": "7.2.5.1"}, {"status": "affected", "version": "7.2.6"}, {"status": "affected", "version": "7.2.7"}, {"status": "affected", "version": "7.2.5.2"}, {"status": "affected", "version": "7.3.0"}, {"status": "affected", "version": "7.3.1"}, {"status": "affected", "version": "7.3.1.1"}, {"status": "affected", "version": "7.3.1.2"}, {"status": "affected", "version": "7.4.0"}, {"status": "affected", "version": "7.4.1"}, {"status": "affected", "version": "7.4.1.1"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5", "name": "cisco-sa-ftd-statcred-dFC8tXT5"}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.\r\n\r This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-259", "description": "Use of Hard-coded Password"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-10-23T17:39:04.071Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20412", "state": "PUBLISHED", "dateUpdated": "2024-10-26T03:55:24.066Z", "dateReserved": "2023-11-08T15:08:07.663Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-10-23T17:39:04.071Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D94F400-5A35-41F5-B37F-E9DA6F87ED8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F788D156-1F1F-4A08-848B-257BC4CCE000", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B0664B8-1670-4F47-A01E-089D05A9618A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "F6826018-5620-4924-BE92-6A245378F610", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A49A07CF-12BA-481C-B5FF-754520080A8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "F203C7D1-AA92-4367-B7A5-EBAE6B76EE6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "0064C97F-1140-43AC-8229-C8CCC367DC4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D9296D33-D59A-463D-9722-9D4C3F720E7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "C9F66CCA-0982-4107-BC5B-79D727479343", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "77B80698-1E76-4B13-AB83-A03FF8C785FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EBC0C3DC-4761-488A-90A9-6EA45EE61526", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "62EE065B-F8B6-4125-8486-B2EE0566B27A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5A52991-802D-46FB-A508-5616BA1CEB78", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3E08AAC-9C5E-4D18-817C-C466D1D6C4DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "724A3B6F-DDAB-4A2F-8430-9E1F352D755F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BDBF14DD-0654-47F3-A698-020397A1EAA3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6F79864-CA70-4192-AC2C-E174DF3F25B2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFE3880-4B85-4E23-9836-70875D5109F7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_1020:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA8B5AF8-6A57-482A-9442-E857EE7E207B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_1030:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9929280-2AAC-4B56-A42C-1F6EDE83988E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_1040:-:*:*:*:*:*:*:*", "matchCriteriaId": "F29B6BC3-D716-4A3D-9679-B7BE81F719C8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*", "matchCriteriaId": "727A02E8-40A1-4DFE-A3A2-91D628D3044F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*", "matchCriteriaId": "19F6546E-28F4-40DC-97D6-E0E023FE939B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "D23A26EF-5B43-437C-A962-4FC69D8A0FF4", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", "matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", "matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", "matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_3105:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B65E122-8B8C-4681-9CAE-C375292A26CC", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_3110:-:*:*:*:*:*:*:*", "matchCriteriaId": "012CCE97-B6FE-45B8-9599-D64EE0F80B2A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_3120:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6A73EAE-3C2E-4836-97EC-F644E219C0DD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_3130:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DCF7A7F-9564-4A8D-84FA-7DA25B4BF4B7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_3140:-:*:*:*:*:*:*:*", "matchCriteriaId": "542C19EA-0FFE-4ADC-93BB-EEB6B0A8CAA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_4215:-:*:*:*:*:*:*:*", "matchCriteriaId": "2634F9A1-8CF7-4824-817A-F617DB48CFFF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_4225:-:*:*:*:*:*:*:*", "matchCriteriaId": "F021E6A8-FA39-40BD-B570-D5C4F408521C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_4245:-:*:*:*:*:*:*:*", "matchCriteriaId": "B303B6B7-B419-46F1-9291-E70AD1B863D7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.\r\n\r This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device."}, {"lang": "es", "value": "Una vulnerabilidad en el software Cisco Firepower Threat Defense (FTD) para Cisco Firepower 1000, 2100, 3100 y 4200 Series podr\u00eda permitir que un atacante local no autenticado acceda a un sistema afectado utilizando credenciales est\u00e1ticas. Esta vulnerabilidad se debe a la presencia de cuentas est\u00e1ticas con contrase\u00f1as codificadas en un sistema afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad iniciando sesi\u00f3n en la CLI de un dispositivo afectado con estas credenciales. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder al sistema afectado y recuperar informaci\u00f3n confidencial, realizar acciones limitadas de resoluci\u00f3n de problemas, modificar algunas opciones de configuraci\u00f3n o hacer que el dispositivo no pueda iniciarse en el sistema operativo, lo que requiere una nueva imagen del dispositivo."}], "id": "CVE-2024-20412", "lastModified": "2024-11-05T15:03:34.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2024-10-23T18:15:09.430", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-259"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}