EIP-2026-116961

PRE-CVE

Cisco Sourcefire User Agent 2.2 - Insecure File Permissions

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116961. PoCs published by Glafkos Charalambous.

AI-analyzed exploit summary This exploit demonstrates an insecure file permissions vulnerability in Cisco Sourcefire User Agent, allowing local attackers to read sensitive database files and decrypt Domain Controller credentials using hardcoded 3DES keys.

Description

Cisco Sourcefire User Agent 2.2 - Insecure File Permissions

Exploits (1)

exploitdb WORKING POC
by Glafkos Charalambous · clocalwindows
https://www.exploit-db.com/exploits/38107

This exploit demonstrates an insecure file permissions vulnerability in Cisco Sourcefire User Agent, allowing local attackers to read sensitive database files and decrypt Domain Controller credentials using hardcoded 3DES keys.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Cisco SF User Agent 2.2
No auth needed
Prerequisites: Local access to the system · Presence of the vulnerable Cisco SF User Agent installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026