Back to list
Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability
Jun 29 2016 04:32PM
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Cisco Firepower System Software Static Credential Vulnerability
Advisory ID: cisco-sa-20160629-fp
For Public Release 2016 June 29 16:00 UTC (GMT)
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to log in to the device with a default account. This account does not have full administrator privileges.
The vulnerability is due to a user account that has a default and static password. This account is created during installation. An attacker could exploit this vulnerability by connecting either locally or remotely to the affected system. A successful exploit could allow the attacker to log in to the device using the default account. The default account allows the execution of a subset of command-line interface (CLI) commands that would allow the attacker to partially compromise the device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
-----END PGP SIGNATURE-----
[ reply ]
Copyright 2010, SecurityFocus