Message-id: <201606291232.6.fp@psirt.cisco.com>
Date: Wed, 29 Jun 2016 12:32:11 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability

Cisco Firepower System Software Static Credential Vulnerability

Advisory ID: cisco-sa-20160629-fp

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to log in to the device with a default account. This account does not have full administrator privileges.

The vulnerability is due to a user account that has a default and static password. This account is created during installation. An attacker could exploit this vulnerability by connecting either locally or remotely to the affected system. A successful exploit could allow the attacker to log in to the device using the default account. The default account allows the execution of a subset of command-line interface (CLI) commands that would allow the attacker to partially compromise the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-fp

