CVE-2024-20412: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

A critical vulnerability (CVE-2024-20412) was discovered in Cisco Firepower Threat Defense (FTD) Software affecting Firepower 1000, 2100, 3100, and 4200 Series devices. The vulnerability, with a CVSS score of 9.3, allows unauthenticated local attackers to access affected systems using static credentials. The issue affects devices running FTD Software Release 7.1 through 7.4 with a vulnerability database (VDB) release of 387 or earlier (Cisco Advisory).

The vulnerability stems from the presence of static accounts with hard-coded passwords on affected systems. These accounts include csm_processes, report, sftop10user, Sourcefire, and SRU. The vulnerability can be exploited through two access methods: the physical serial port connected to a terminal server for remote access, or SSH, which is enabled by default on the management interface. The vulnerability has been assigned CWE-259 (Use of Hard-coded Password) and received a Critical CVSS v3.1 base score of 9.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) (Cisco Advisory, NVD).

A successful exploitation could allow attackers to access the affected system, retrieve sensitive information, perform limited troubleshooting actions, modify configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device (Cisco Advisory).

Cisco has released software updates that address this vulnerability. Additionally, customers can install VDB Release 388 or later on affected devices if they do not wish to apply a base software upgrade. A workaround is available for customers who cannot upgrade to a fixed release by contacting the Cisco Technical Assistance Center (TAC). Administrators can check for the presence of static accounts using the 'show local-user' command from the security scope in the Cisco FXOS CLI (Cisco Advisory).