Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability

A vulnerability in the web interface of the Cisco Firepower 9000 device could allow an unauthenticated, remote attacker to access a web page that should be restricted.

The vulnerability is due to improper authentication validation. An attacker could exploit this vulnerability by accessing a certain web page on the Cisco Firepower 9000 device that should be restricted to authenticated users. An exploit could allow the attacker to access details about the Cisco Firepower 9000 device that should be available only to an authenticated user.

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit this vulnerability, an attacker may need access to trusted, internal networks to access a certain web page on the device. This requirement could make exploitation difficult in environments that restrict network access from untrusted sources.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.