CVE-2021-1126

MEDIUM

Cisco Firepower Management Center - Info Disclosure

Title source: llm

Description

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-RJdktM6f

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 11.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-732 CWE-256

Status published

Affected Products (1)

cisco/secure_firewall_management_center < 6.7.0

Timeline

Published Jan 13, 2021

Tracked Since Feb 18, 2026