1. Home
  2. CVE Database
  3. CVE-2024-20412
CRITICAL · 9.3

CVE-2024-20412

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using...

Vulnerability Description

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoFirepower Threat Defense7.1.0
CiscoFirepower 1000-
CiscoFirepower 1010-
CiscoFirepower 1020-
CiscoFirepower 1030-
CiscoFirepower 1040-
CiscoFirepower 1120-
CiscoFirepower 1140-
CiscoFirepower 1150-
CiscoFirepower 2100-
CiscoFirepower 2110-
CiscoFirepower 2120-
CiscoFirepower 2130-
CiscoFirepower 2140-
CiscoFirepower 3105-
CiscoFirepower 3110-
CiscoFirepower 3120-
CiscoFirepower 3130-
CiscoFirepower 3140-
CiscoFirepower 4215-

Related Weaknesses (CWE)

CWE-798CWE-259

References

FAQ

What is CVE-2024-20412?

CVE-2024-20412 is a vulnerability with a CVSS score of 9.3 (CRITICAL). A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using...

How severe is CVE-2024-20412?

CVE-2024-20412 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-20412?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Firepower Threat Defense, Cisco Firepower 1000, Cisco Firepower 1010, Cisco Firepower 1020, Cisco Firepower 1030.