Use of Hard-coded Password in Cisco Systems, Inc products - CVE-2024-20412

 


Published: October 25, 2024


Vulnerability identifier: #VU99342
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-20412
CWE-ID: CWE-259
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Firewall Threat Defense (FTD)
Firepower 1000 Series Appliances
Firepower 3100 Series Appliances
Firepower 4200 Series Appliances
Firepower 2100 Series Security Appliances

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the presence of static accounts with hard-coded passwords on an affected system. A local attacker can access the target system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options or render the device unable to boot to the operating system.


How to mitigate CVE-2024-20412

Install updates from the vendor's website.
