Cisco Network Security Flaw Leaks Sensitive Data

2020-07-23 19:49

A high-severity vulnerability in Cisco's network security software could lay bare sensitive data - such as WebVPN configurations and web cookies - to remote, unauthenticated attackers.

The flaw exists in the web services interface of Cisco's Firepower Threat Defense software, which is part of its suite of network security and traffic management products; and its Adaptive Security Appliance software, the operating system for its family of ASA corporate network security devices.

Cisco said the vulnerability affects products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software, with a vulnerable AnyConnect or WebVPN configuration: "The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features," according to its advisory.

To eliminate the vulnerability, Klyuchnikov urged Cisco users to update Cisco ASA to the most recent version.

Earlier in May, Cisco stomped out 12 high-severity vulnerabilities across its ASA and FTD network security products.

News URL

https://threatpost.com/network-security-cisco-flaw-leaks-sensitive-data/157691/

#cisco #leak #networksecurity #security

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		4427	230	3112	1861	609	5812

News URL

Related news

Related vendor