Executive Summary

Title Cisco Firepower System Software Static Credential Vulnerability
Name cisco-sa-20160629-fp First vendor Publication 2016-06-29
Vendor Cisco Last vendor Modification 2016-06-29
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to log in to the device with a default account. This account does not have full administrator privileges.

The vulnerability is due to a user account that has a default and static password. This account is created during installation. An attacker could exploit this vulnerability by connecting either locally or remotely to the affected system. A successful exploit could allow the attacker to log in to the device using the default account. The default account allows the execution of a subset of command-line interface (CLI) commands that would allow the attacker to partially compromise the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:


BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBV2qryK89gD3EAJB5AQKaGA/8DW1mxGdQH0HZL0ih543qDib/oN0wkZU1 3A7arS4mHYApenC7J5WsHULQqNdBf22N3pagOTeGlBlhnXejFxA/fcPqHZCP4FZu eykxwCLfZFjPmsxytwM/pG/7xsr6lAaehb7xbPPD7Z1LpWEYUYpqaQRPh+ZfFZ6u s7FtquqCDyV6Vpi3Hu47A4m7XkytTTLkPNuzMRsR7qzDQ2OiTgJiEDmdePr6iVPt yWQHFy8klt2UfzHJ8f0xHDFiihfeRP9Tyyp6knIgc4QaFbYl8KVUJi7z4Ji1tlXW Vqk8MDlxU3JA1dxesKXzt5U66E4k8rUJBI2UPSZFTA1+4LxUPIlxN0PrxXSCuBp/ HRGFGA/Ti5q/pSZtqSq+5KM1mCyYJ84b0m3wkDzvCxR5IbS7FjRTMCtGFLtZE6fa p15WuBp8DEqF6/vHZM3UBjR2Ls1/aHTYGpb11Ksz45IQQb8DJyNn9NykDsaIeg7k 2W0QtXsxWkoQV8CxEKmFk6Eipv0zxElnnzu781bhH3TMST7cWmFsdNfZNFpfI3L8 nNncQ9k5yRMO54V1Ikuxd9JlbMywb5HGLns7XxsuaSN0vjhz+OPY1QhhWp/JkBSe s1NSXOHiHTVB1+D9AxZ2huCiRVKWlKr08tLPp01HdzeCut9hMn5w41cuvHreRD4I g2taAqbF01Y= =z3md END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-264 Permissions, Privileges, and Access Controls
50 % CWE-255 Credentials Management

CPE : Common Platform Enumeration

Application 4

Alert History

If you want to see full details history, please login or register.
Date Informations
2016-07-06 05:32:48
  • Multiple Updates
2016-07-03 09:29:56
  • Multiple Updates
2016-06-29 21:19:19
  • First insertion