漏洞标题
N/A
漏洞描述信息
Cisco Firepower Software 的简单网络管理协议(SNMP)访问控制中的漏洞,可能导致无验证的远程攻击者使用默认凭据执行SNMP GET请求。此漏洞是由于SNMP版本1(SNMPv1)和SNMP版本2(SNMPv2)中存在默认凭据。攻击者可以通过向受影响的设备发送SNMPv1或SNMPv2 GET请求来利用此漏洞。成功利用此漏洞可能导致攻击者使用默认凭据从设备中提取敏感信息。只有在配置SNMP时,攻击者才能执行SNMP GET请求;使用SNMP进行写入访问是不允许的。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential.
This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential.
This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
访问控制不恰当
漏洞标题
Cisco Firepower Management Center 授权问题漏洞
漏洞描述信息
Cisco Firepower Management Center(FMC)是美国思科(Cisco)公司的新一代防火墙管理中心软件。 Cisco FirePOWER Software、Cisco Firepower Management Center(FMC) Software和Cisco Next-Generation Intrusion Prevention System(NGIPS) Software存在授权问题漏洞,该漏洞源于SNMPv1和SNMPv2存在默认凭证,攻击者可以通过向受影响设备发送S
CVSS信息
N/A
漏洞类别
授权问题