Cisco released several patches for high and critical vulnerabilities affecting several products, including its Firepower network security devices, Identity Services Engine (ISE) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging administrators to deploy the available patches because “a cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.”
The exploitation of vulnerabilities in network security appliances has become a common occurrence in recent years. As perimeter devices, they are typically connected to the internet by nature, and they provide attackers with a privileged position on the network from which they can move laterally.
Most critical Cisco flaw permits command injection
The most serious flaw is in the Cisco Firepower Management Center software and allows an authenticated attacker to send unauthorized configuration commands to Firepower Threat Defense (FTD) devices that are managed through the software. The attacker can authenticate on the web interface and exploit the vulnerability by sending a specially crafted HTTP request to the target device. While Cisco does not specify in its advisory what the attacker can achieve through these configuration commands, it rated the flaw as critical.
The flaw only exists in the Management Center software, so standalone FTD devices that are managed through the Cisco Firepower Device Manager (FDM) are not affected. The Cisco Adaptive Security Appliance (ASA) software, which is the predecessor to Cisco Firepower, is not affected either.
Two other command injection vulnerabilities were also patched in the Cisco Firepower Management Center, but these can lead to command execution on the underlying operating system, not the managed devices. Exploiting these flaws also requires the attacker to have valid credentials, but they do not need to be for the administrator account. The two vulnerabilities are rated high severity.
A fourth code injection flaw was found and patched in both the Cisco Firepower Management Center software and the Firepower Threat Defense software. The issue is in an inter-device communication mechanism and allows an authenticated attacker to execute commands on the device as root. The limitation is that the attacker needs to have the administrator role on an FTD device to target the Management Center device, or administrator privileges on the Management Center to execute root commands on an associated FTD device.