Cisco released several patches for high and critical vulnerabilities affecting several products, including its Firepower network security devices, Identity Services Engine (ISE) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging administrators to deploy the available patches because “a cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.”
The exploitation of vulnerabilities in network security appliances has become a common occurrence in recent years because these devices are, by their nature, connected to the internet as perimeter devices and give attackers a privileged position on the network from which they can move laterally.
Most serious Cisco flaw allows command injection
The most serious flaw is in the Management Center Software of Cisco Firepower and allows an authenticated attacker to send unauthorized configuration commands to Firepower Threat Defense (FTD) devices that are managed by the software. The attacker can authenticate to the web interface and exploit the vulnerability by sending a specially crafted HTTP request to the target device. While Cisco doesn’t specify in its advisory what the attacker can achieve with these configuration commands, it rated the flaw as critical.
The flaw exists only in the Management Center Software, so standalone FTD devices that are managed by the Cisco Firepower Device Manager (FDM) are not affected. The Cisco Adaptive Security Appliance (ASA) software, which is the predecessor to Cisco Firepower, is not affected either.
Two other command injection vulnerabilities were also patched in the Cisco Firepower Management Center, but these can lead to command execution on the underlying operating system, not the managed devices. Exploiting these flaws also requires the attacker to have valid credentials, but they don’t need to be for the administrator account. The two vulnerabilities are rated high severity.
A fourth code injection flaw was found and patched in both the Cisco Firepower Management Center software and the Firepower Threat Defense software. The issue is in an inter-device communication mechanism and allows an authenticated attacker to execute commands on the device as root. The limitation is that the attacker needs to have the administrator role on an FTD device to target the Management Center device, or to have administrator privileges on the Management Center to execute root commands on an associated FTD device.