Vulnerabilities > Cisco > Firepower Threat Defense > 7.4.0

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-20412 Use of Hard-coded Credentials vulnerability in Cisco Firepower Threat Defense
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system.
local
low complexity
cisco CWE-798
8.4
2024-10-23 CVE-2024-20431 Unspecified vulnerability in Cisco Firepower Threat Defense
A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocation data.
network
low complexity
cisco
5.8
2024-04-24 CVE-2024-20353 Infinite Loop vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header.
network
low complexity
cisco CWE-835
8.6
2024-04-24 CVE-2024-20359 Code Injection vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges.
local
low complexity
cisco CWE-94
6.0
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-09-06 CVE-2023-20269 Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.
network
low complexity
cisco CWE-863
critical
9.1