vendor: Sourcefire User Agent
by: Glafkos Charalambous
CVSS: 5.5 (MEDIUM)
Insecure File Permissions
CWE: 269
Product Name: Sourcefire User Agent
Affected Version From: Cisco SF User Agent 2.2
Affected Version To: Cisco SF User Agent 2.2-25
Patch Exists: YES
Related CWE: Not assigned by Cisco
CPE: cisco:sourcefire_user_agent
Platforms Tested:
2015
Cisco Sourcefire User Agent Insecure File Permissions Vulnerability
Sourcefire User Agent is vulnerable to default insecure file permissions and hardcoded encryption keys. A local attacker can exploit this by gaining access to the user-readable database file and extracting sensitive information. In combination with the hard-coded 3DES keys, an attacker is able to decrypt the configured Domain Controller accounts, which can lead to further attacks.
Mitigation:
Apply the vendor-provided patch or upgrade to the fixed version (Cisco SF User Agent 2.2-25). Restrict access to the database file to trusted users. Implement strong encryption algorithms and ensure that encryption keys are not hardcoded.
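
One way to check the "restrict access to the database file" step on a host running the agent. This is an added example, not code from the advisory or from Cisco. It lists the allow entries in the file's ACL that grant read access to broad built-in groups. The `$DbPath` value is a placeholder because the advisory does not give the file's location, and the function name `Get-BroadReadAce` is hypothetical.

```powershell
# Added example: audit who can read the User Agent database file.
# $DbPath is a PLACEHOLDER; the advisory does not state where the file lives.
param(
    [string]$DbPath = 'C:\PLACEHOLDER\path\to\user-agent-database-file'
)

# ReadData is the right that lets a principal read the file's contents.
$readMask = [System.Security.AccessControl.FileSystemRights]::ReadData

# Well-known SIDs of groups that include ordinary local users.
# Matching on SIDs avoids problems with localized group names.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

function Get-BroadReadAce {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited entries, with identities returned as SIDs.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = $acl.GetAccessRules($true, $true, $sidType)

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        $isAllow = $rule.AccessControlType -eq 'Allow'
        $canRead = [bool]($rule.FileSystemRights -band $readMask)
        if ($isAllow -and $canRead -and $broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $DbPath)) {
    Write-Warning "Database file not found: $DbPath"
} else {
    $findings = @(Get-BroadReadAce -Path $DbPath)
    if ($findings.Count -eq 0) { Write-Output "No broad read access on $DbPath" }
    else { $findings | Format-Table -AutoSize }
}
```

An entry reported with `Inherited = True` comes from the parent folder, so the fix belongs on the folder's ACL or requires disabling inheritance on the file. Tightening the ACL does not replace the upgrade, because the hard-coded 3DES keys remain in unpatched versions.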