QID 317274
Date Published: 2022-11-21
QID 317274: Cisco Firepower Management Center (FMC) Software SNMP Default Credential Vulnerability (cisco-sa-fmcsfr-snmp-access-6gqgtJ4S)
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.
Affected Products
This vulnerability affects Cisco products if they are running a vulnerable release of Cisco FMC Software.
7.0.0 prior to version 7.0.5
NOTE:
This vulnerability affects only those devices that are having SNMP enabled.
To determine whether SNMP is enabled on Cisco FMC Software, choose Devices > Device Management. If Admin State is checked, SNMP is enabled.
QID Detection Logic (Authenticated):
This QID is potential and will only check for the version retrieved via Unix Auth using "show version" command.
Successful exploitation of this vulnerability could allow the attacker to retrieve sensitive information from the device using the default credential.
Customers are advised to refer to cisco-sa-fmcsfr-snmp-access-6gqgtJ4S for more information.Workaround:
A user with Administrator privileges can execute the following commands in expert mode to apply a workaround for this vulnerability:
# expert
# sudo su -
# sed -i 's/^com2sec/#com2sec/' /etc/snmp/snmpd.conf
# pmtool restartbyid snmpd
If SNMP is not needed on the device, the administrator can remove the SNMP configuration so the device will not be affected by this vulnerability.
- cisco-sa-fmcsfr-snmp-access-6gqgtJ4S -
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcsfr-snmp-access-6gqgtJ4S
CVEs related to QID 317274
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-fmcsfr-snmp-access-6gqgtJ4S |
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcsfr-snmp-access-6gqgtJ4S |