SB2024102524 - Use of Hard-coded Password in Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100 and 4200 Series

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024102524

SB2024102524 - Use of Hard-coded Password in Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100 and 4200 Series

Published: October 25, 2024

Security Bulletin ID SB2024102524
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Use of Hard-coded Password (CVE-ID: CVE-2024-20412)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the presence of static accounts with hard-coded passwords on an affected system. A local attacker can access the target system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options or render the device unable to boot to the operating system.


Remediation

Install update from vendor's website.

References