#VU99342 Use of Hard-coded Password in Cisco Systems, Inc products - CVE-2024-20412

 


Published: October 25, 2024


Vulnerability identifier: #VU99342
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-20412
CWE-ID: CWE-259
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Cisco Firewall Threat Defense (FTD)
Firepower 1000 Series Appliances
Firepower 3100 Series Appliances
Firepower 4200 Series Appliances
Firepower 2100 Series Security Appliances
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the presence of static accounts with hard-coded passwords on an affected system. A local attacker can access the target system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options or render the device unable to boot to the operating system.


Remediation

Install updates from the vendor's website.
