CVE-2024-20412

CWE-259CWE-798Hard-coded Credentials4 documents4 sources
Severity
8.4HIGH
EPSS
0.2%
top 61.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Firepower Threat Defense SoftwareCisco Firepower Threat Defense
Timeline
PublishedOct 23

Description

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to acce

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.5 | Impact: 6.0

Affected Packages2 packages

NVDcisco/firepower_threat_defense23 versions+22

🔴Vulnerability Details

2
CVEList
CVE-2024-20412: A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated,2024-10-23
GHSA
GHSA-p38m-32qc-f4cg: A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated,2024-10-23

📋Vendor Advisories

1
Cisco
Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability2024-10-23