Security Experts:

Connect with us

Hi, what are you looking for?



Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks

Cisco this week released patches for multiple vulnerabilities in Firepower Threat Defense (FTD) software, including high-severity issues that could be exploited for arbitrary command execution or denial-of-service (DoS) attacks.

Cisco this week released patches for multiple vulnerabilities in Firepower Threat Defense (FTD) software, including high-severity issues that could be exploited for arbitrary command execution or denial-of-service (DoS) attacks.

Tracked as CVE-2021-1448 and having a CVSS score of 7.8, the command injection bug is mitigated by the fact that authentication and local access are required for successful exploitation. An attacker able to abuse it, however, may execute arbitrary commands as root on the underlying OS.

The flaw exists because user-supplied command arguments aren’t sufficiently validated, and affects Firepower 4100 and Firepower 9300 series appliances. No workarounds exist, but software updates to address the vulnerability are already available.

Another flaw rooted in insufficient validation impacts the software-based SSL/TLS message handler of FTD and could be abused to cause a DoS condition. The security hole is tracked as CVE-2021-1402 (CVSS score of 8.6).

Remote, unauthenticated attackers could exploit this vulnerability by sending a “crafted SSL/TLS message through an affected device.” However, messages that are sent to the affected device won’t trigger the bug, Cisco notes.

Affected devices include 3000 series industrial security appliances (ISAs), ASA 5512-X/ASA 5515-X/ASA 5525-X/ASA 5545-X/ASA 5555-X adaptive security appliances, Firepower 1000/2100 series, and Firepower Threat Defense Virtual (FTDv) products.

Four other DoS bugs addressed this week in FTD also impact Cisco Adaptive Security Appliance (ASA) software and could all be exploited remotely. Three of them (CVE-2021-1445, CVE-2021-1504, and CVE-2021-1501, CVSS score of 8.6) do not require authentication, while the fourth (CVE-2021-1493, CVSS score of 8.5) does.

Cisco says it is not aware of these vulnerabilities being exploited in attacks in the wild, but nonetheless recommends installing the available patches as soon as possible, to avoid possible cyber-security incidents.

Patches the tech giant released this week also address multiple medium-severity issues, including four in FTD software (two impact ASA software too), five in Firepower Management Center (FMC), one in Firepower Device Manager (FDM), and one in the Snort detection engine that affects multiple products.

Information on all of these vulnerabilities and on the patches released for them is available on Cisco’s security portal.

Related: Cisco Patches Critical Flaw in SD-WAN vManage

Related: Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability

Related: Cisco Patches Severe Flaws in Network Management Products, Switches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet