Static Credential Vulnerability in Cisco Firepower System Software
CVE-2016-1394

8.6HIGH

Key Information:

Vendor: Cisco
Status: Firesight System Software
Vendor: CVE Published:; 3 July 2016

Summary

A vulnerability in Cisco Firepower System Software allows remote attackers to gain unauthorized access to the Command Line Interface (CLI) due to a hardcoded account. This weakness enables attackers who know the hardcoded password to exploit the system, potentially leading to unauthorized control and manipulation of network configurations. It is crucial for users of affected versions to apply necessary patches and review security practices to mitigate risks.

References

http://www.securityfocus.com/bid/91503

vdb-entryx_refsource_BID

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 3, 2016
Vulnerability Reserved
Jan 4, 2016