Improper Encryption of Sensitive Information in FMC GUI Configuration Manager Could Lead to Information Disclosure
CVE-2021-34751
4.3MEDIUM
Key Information:
- Vendor
- Cisco
- Vendor
- CVE Published:
- 15 November 2024
Summary
A vulnerability affecting the web-based GUI configuration manager of Cisco Firepower Management Center Software enables an authenticated remote attacker to exploit weak encryption mechanisms. By possessing low privilege credentials on the impacted device, an attacker can access sensitive configuration information where parameters may be displayed in clear text. This flaw poses significant risks to information security, as it facilitates unauthorized visibility into crucial settings, potentially leading to further exploitation of the system. Cisco has released updates to mitigate this risk, and users are strongly encouraged to apply these patches immediately.
Affected Version(s)
Cisco Firepower Management Center
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved