#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Cisco Firepower Management Center
# Vendor:  Cisco
# CSNC ID: CSNC-2021-014
# CVE ID:  CVE-2021-34750, CVE-2021-34751
# Subject: Sensitive Data Exposure
# Risk:    Medium
# Effect:  Remotely exploitable
# Author:  Fabio Poloni
# Date:    16.06.2021
#
#############################################################

Introduction
------------
Cisco Firepower Management Center is an administrative nerve center for
managing critical Cisco network security solutions. It provides complete and
unified management over firewalls, application control, intrusion prevention,
URL filtering, and advanced malware protection. [1]

Affected
--------
Vulnerable:
* 7.0.0.1 and earlier
* 6.7.0.2 and earlier
* 6.4.0.12 and earlier

Not vulnerable:
* 7.0.1
* 6.7.0.3 (Jan 2022)
* 6.6.5.1 (Nov 2021)
* 6.4.0.13

Technical Description
---------------------
After configuring secrets in Firepower Management Center, they can be read out
in cleartext by low-privileged users using a web browser and developer tools.

Read SNMP Community String:
* Go to Devices > Platform Settings > [Select Platform] > SNMP >
  [Select Interface] > Community String
* Inspect the input or response; the password is in the value attribute of the
  password field

Read VPN Pre-Shared Key:
* Go to Devices > VPN > Site to Site > [Select Tunnel] > IKE > Key
* Inspect the input or response; the password is in the value attribute of the
  password field

Vulnerability Classification
----------------------------
CVSS v3.1 Metrics [2]:
* CVSS Base Score: 4.3
* CVSS Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Workaround / Fix
----------------
Update to the latest version.

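A regression check for the behaviour in the Technical Description, added here as an example (not part of the original advisory and not Cisco code): it parses an HTML response and reports password inputs that arrive with a pre-filled value attribute, recording only field name, line and value length. The sample markup, the field names and the treatment of all-asterisk values as a mask are assumptions.

```python
from html.parser import HTMLParser


class PrefilledSecretFinder(HTMLParser):
    """Collect <input type="password"> elements whose value attribute is set."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing <input ... /> via handle_startendtag.
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        value = a.get("value", "")
        if a.get("type", "").lower() != "password" or not value.strip():
            return
        # Assumption: a value made only of '*' is a display mask, not a secret.
        if set(value) == {"*"}:
            return
        line, _col = self.getpos()
        # Never store the secret itself; its length is enough for a report.
        self.findings.append({"name": a.get("name") or a.get("id") or "?",
                              "line": line, "length": len(value)})


def find_prefilled_secrets(html):
    """Return one finding per password field echoed back with a value."""
    parser = PrefilledSecretFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample response; field names and values are hypothetical.
SAMPLE_RESPONSE = """\
<form>
  <input type="text" name="tunnel_name" value="branch-01">
  <input type="password" name="ike_key" value="constructed-psk-123">
  <input type="PASSWORD" id="community" value='constructed-comm' />
  <input type="password" name="new_secret" value="">
  <input type="password" name="masked" value="********">
</form>
"""

if __name__ == "__main__":
    for f in find_prefilled_secrets(SAMPLE_RESPONSE):
        print(f"line {f['line']}: password field '{f['name']}' "
              f"returned with a {f['length']}-character value")
```
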
Timeline
--------
2021-06-15: Discovery by Analyst Fabio Poloni
2021-06-16: Initial vendor notification
2021-07-29: Findings have been reproduced by vendor, fixes are being developed
2021-08-12: CVEs assigned, timeline announced
2021-10-27: Fix released / public disclosure [3]

References
----------
[1] https://www.cisco.com/c/en/us/products/security/firepower-management-center/index.html
[2] https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N&version=3.1
[3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-Ft2WVmNU