CVE-2024-20412
"Cisco Firepower Threat Defense Static Credentials Exposure"
Description
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device.
INFO
Published Date :
Oct. 23, 2024, 6:15 p.m.
Last Modified :
Nov. 5, 2024, 3:03 p.m.
Source :
[email protected]
Remotely Exploitable :
No
Impact Score :
6.0
Exploitability Score :
2.5
Affected Products
The following products are affected by CVE-2024-20412
vulnerability.
Even if cvefeed.io
is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-20412
.
URL | Resource |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5 | Vendor Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-20412
vulnerability anywhere in the article.

-
Daily CyberSecurity
WhatsApp for Windows Spoofing Vulnerability: Execute Code Risk (CVE-2025-30401)
A security advisory from Facebook details a spoofing vulnerability in WhatsApp for Windows, highlighting a potential risk where malicious actors could trick users into executing arbitrary code. The vu ... Read more

-
Daily CyberSecurity
CVE-2025-27520: Critical BentoML Flaw Allows Full Remote Code Execution, Exploit Available
A severe security vulnerability has been identified in BentoML, a Python library used for building online serving systems optimized for AI applications and model inference. The vulnerability, tracked ... Read more

-
Daily CyberSecurity
PoC Released for CVE-2025-3155: Yelp Flaw Can Expose SSH Keys on Ubuntu Systems
A security vulnerability, identified as CVE-2025-3155, has been discovered in Yelp, the GNOME user help application that comes pre-installed on Ubuntu desktop. The vulnerability involves the way Yelp ... Read more

-
Daily CyberSecurity
MediaTek’s April 2025 Security Bulletin: Critical WLAN Vulnerability Exposes Chipsets
MediaTek has released its April 2025 Product Security Bulletin, detailing a range of security vulnerabilities affecting its various chipsets. The bulletin covers vulnerabilities in chipsets used in sm ... Read more

-
Daily CyberSecurity
Linux Kernel Vulnerability Exposes Local Systems to Privilege Escalation, PoC Published
A security researcher has recently disclosed technical details and proof-of-concept (PoC) exploit code for a vulnerability in the Linux kernel’s Performance Events system component. This flaw, identif ... Read more

-
Daily CyberSecurity
MinIO Urgently Patches High-Severity Incomplete Signature Validation Vulnerability
MinIO, a high-performance object storage server compatible with Amazon S3, has released a patch to address a critical security vulnerability. The vulnerability, tracked as CVE-2025-31489, involves inc ... Read more

-
Daily CyberSecurity
Bitdefender GravityZone Console Hit by Critical PHP Deserialization Vulnerability
A critical-severity vulnerability has been discovered in the Bitdefender GravityZone Console, posing a significant risk to affected systems. The flaw, tracked as CVE-2025-2244 (CVSSv4 9.5), is an inse ... Read more

-
Daily CyberSecurity
50K+ WordPress Sites Exposed: Admin Takeover via Uncanny Automator
A vulnerability has surfaced in the popular WordPress plugin, Uncanny Automator, leaving over 50,000 websites potentially exposed to complete compromise. Tracked as CVE-2025-2075, this critical flaw, ... Read more

-
Daily CyberSecurity
Cisco Addresses High Severity Vulnerabilities in Enterprise Chat and Email, and Meraki MX/Z Series Devices
Cisco has released security advisories addressing vulnerabilities in its Enterprise Chat and Email (ECE) product and its Meraki MX and Z Series devices. These vulnerabilities could allow for denial-of ... Read more

-
Cybersecurity News
Sonatype Nexus Repository 2 Hit By RCE (CVE-2024-5082) and XSS (CVE-2024-5083) Flaws
Sonatype has issued two security advisories for its Nexus Repository Manager 2.x, a popular repository manager used by organizations worldwide to store and distribute software artifacts, warning users ... Read more

-
Cybersecurity News
Frag Ransomware: A New Threat Exploits Veeam Vulnerability (CVE-2024-40711)
The Frag ransom note | Image: SophosSophos X-Ops recently uncovered Frag ransomware in a series of cyberattacks exploiting a vulnerability in Veeam backup servers, designated CVE-2024-40711. This newl ... Read more

-
The Hacker News
THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)
Cyber Security / Hacking News Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. T ... Read more

-
BleepingComputer
Cisco fixes VPN DoS flaw discovered in password spray attacks
Cisco fixed a denial of service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute force attacks against Cisco VPN devices in April. The f ... Read more

-
The Hacker News
Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
Vulnerability / Network Security Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of- ... Read more

-
security.nl
Cisco waarschuwt voor meerdere kritieke lekken in FTD- en ASA-software
Cisco waarschuwt organisaties voor meerdere kritieke kwetsbaarheden in de Firepower Threat Defense (FTD), Adaptive Security Appliance (ASA) en Secure Firewall Management Center (FMC) software waardoor ... Read more

-
Cybersecurity News
CVE-2024-20412: Unauthorized Access to Cisco Firepower Devices via Static Credentials
Cisco has recently published a security advisory regarding a critical vulnerability in its Firepower Threat Defense (FTD) software. This vulnerability, identified as CVE-2024-20412, presents a signifi ... Read more
The following table lists the changes that have been made to the
CVE-2024-20412
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Nov. 05, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5 No Types Assigned https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5 Vendor Advisory Added CWE NIST CWE-798 Added CPE Configuration AND OR *cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.2.4:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.2.4.1:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.2.5:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.2.5.1:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.2.5.2:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.2.6:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.2.7:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.2:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.4.0:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.4.1:*:*:*:*:*:*:* *cpe:2.3:a:cisco:firepower_threat_defense:7.4.1.1:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1020:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1030:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1040:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_3105:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_3110:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_3120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_3130:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_3140:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4215:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4225:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4245:-:*:*:*:*:*:*:* -
CVE Received by [email protected]
Oct. 23, 2024
Action Type Old Value New Value Added Description A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device. Added Reference Cisco Systems, Inc. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5 [No types assigned] Added CWE Cisco Systems, Inc. CWE-259 Added CVSS V3.1 Cisco Systems, Inc. AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-20412
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-20412
weaknesses.