CVE-2021-1126Plaintext Storage of a Password in Cisco Secure Firewall Management Center

CWE-256Plaintext Storage of a PasswordCWE-522Insufficiently Protected CredentialsCWE-732Incorrect Permission Assignment4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 88.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Secure Firewall Management CenterCisco Firepower Management Center
Timeline
PublishedJan 13
Latest updateMay 24

Description

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the crede

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-p733-729j-99xq: A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to2022-05-24
CVEList
Cisco Firepower Management Center Information Disclosure Vulnerability2021-01-13

📋Vendor Advisories

1
Cisco
Cisco Firepower Management Center Information Disclosure Vulnerability2021-01-13
CVE-2021-1126 — Plaintext Storage of a Password | cvebase