Thatguylevel

**Name of the Vulnerable Software and Affected Versions** Cellebrite UFED physical device versions 5.0 through 7.5.0.845 **Description** The issue concerns the use of hardcoded key material within the executable code and encrypted files of the Cellebrite UFED physical device. This key material is the same for every device running the same version of the software and does not appear to change with new builds. As a result, it is possible to reconstruct the decryption process using this hardcoded key material, allowing for easy access to otherwise protected data. **Recommendations** For versions 5.0 through 7.5.0.845, consider disabling the decryption process using the hardcoded key material until a patch is available. Restrict access to the encrypted files to minimize the risk of exploitation. Avoid relying on the key enveloping technique for data protection until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell OpenManage Network Manager versions prior to 6.5.3 **Description** The issue is caused by a misconfiguration in the /etc/sudoers file, leading to an improper authorization. **Recommendations** For versions prior to 6.5.3, update to version 6.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dell OpenManage Network Manager versions prior to 6.5.0 **Description** The issue is related to an insecure default configuration setting for the embedded MySQL database, which allows MySQL users to have read/write access to the file system. **Recommendations** For versions prior to 6.5.0, update to version 6.5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center versions 5.2.0 through 6.0.1 **Description** The issue allows remote authenticated users to execute arbitrary commands via crafted web-application parameters. **Recommendations** For versions 5.2.0 through 6.0.1, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center version 6.0.1 **Description** The issue allows local users to obtain sensitive information by leveraging CLI access due to hardcoded database credentials. **Recommendations** For Cisco Firepower Management Center version 6.0.1, update the system to remove hardcoded database credentials to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center version 6.0.1 **Description** The issue allows remote authenticated users to read arbitrary files via crafted parameters. **Recommendations** For Cisco Firepower Management Center version 6.0.1, consider restricting access to the web console until a patch is available. Avoid using crafted parameters in the web console to minimize the risk of exploitation.