Description

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device.

INFO

Published Date :

2024-10-23T17:39:04.071Z

Last Modified :

2024-10-26T03:55:24.066Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2024-20412 vulnerability.

Vendors Products
Cisco
  • Firepower 1000
  • Firepower 1010
  • Firepower 1020
  • Firepower 1030
  • Firepower 1040
  • Firepower 1120
  • Firepower 1140
  • Firepower 1150
  • Firepower 2100
  • Firepower 2110
  • Firepower 2120
  • Firepower 2130
  • Firepower 2140
  • Firepower 3105
  • Firepower 3110
  • Firepower 3120
  • Firepower 3130
  • Firepower 3140
  • Firepower 4215
  • Firepower 4225
  • Firepower 4245
  • Firepower Threat Defense
  • Firepower Threat Defense Software
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-20412.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact