Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks

Cisco this week released patches for multiple vulnerabilities in Firepower Threat Defense (FTD) software, including high-severity issues that could be exploited for arbitrary command execution or denial-of-service (DoS) attacks.

Cisco this week released patches for multiple vulnerabilities in Firepower Threat Defense (FTD) software, including high-severity issues that could be exploited for arbitrary command execution or denial-of-service (DoS) attacks.

Tracked as CVE-2021-1448 and having a CVSS score of 7.8, the command injection bug is mitigated by the fact that authentication and local access are required for successful exploitation. An attacker able to abuse it, however, may execute arbitrary commands as root on the underlying OS.

The flaw exists because user-supplied command arguments aren’t sufficiently validated, and affects Firepower 4100 and Firepower 9300 series appliances. No workarounds exist, but software updates to address the vulnerability are already available.

Another flaw rooted in insufficient validation impacts the software-based SSL/TLS message handler of FTD and could be abused to cause a DoS condition. The security hole is tracked as CVE-2021-1402 (CVSS score of 8.6).

Remote, unauthenticated attackers could exploit this vulnerability by sending a “crafted SSL/TLS message through an affected device.” However, messages that are sent to the affected device won’t trigger the bug, Cisco notes.

Affected devices include 3000 series industrial security appliances (ISAs), ASA 5512-X/ASA 5515-X/ASA 5525-X/ASA 5545-X/ASA 5555-X adaptive security appliances, Firepower 1000/2100 series, and Firepower Threat Defense Virtual (FTDv) products.

Four other DoS bugs addressed this week in FTD also impact Cisco Adaptive Security Appliance (ASA) software and could all be exploited remotely. Three of them (CVE-2021-1445, CVE-2021-1504, and CVE-2021-1501, CVSS score of 8.6) do not require authentication, while the fourth (CVE-2021-1493, CVSS score of 8.5) does.

Cisco says it is not aware of these vulnerabilities being exploited in attacks in the wild, but nonetheless recommends installing the available patches as soon as possible, to avoid possible cyber-security incidents.

Advertisement. Scroll to continue reading.

Patches the tech giant released this week also address multiple medium-severity issues, including four in FTD software (two impact ASA software too), five in Firepower Management Center (FMC), one in Firepower Device Manager (FDM), and one in the Snort detection engine that affects multiple products.

Information on all of these vulnerabilities and on the patches released for them is available on Cisco’s security portal.

Related: Cisco Patches Critical Flaw in SD-WAN vManage

Related: Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability

Related: Cisco Patches Severe Flaws in Network Management Products, Switches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights