CVE-2021-1126 MEDIUM

CVE-2021-1126: Cisco Firepower Management Center Information Disclosure Vulnerability

Vendor Cisco
Product Cisco Firepower Management Center
Weakness CWE-256
Published January 13, 2021
Last update November 12, 2024

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server.

Key dates

02Disclosure timeline

January 13, 2021 CVE published
November 12, 2024 Record updated