Security News > 2020 > July > Cisco Network Security Flaw Leaks Sensitive Data

Cisco Network Security Flaw Leaks Sensitive Data
2020-07-23 19:49

A high-severity vulnerability in Cisco's network security software could lay bare sensitive data - such as WebVPN configurations and web cookies - to remote, unauthenticated attackers.

The flaw exists in the web services interface of Cisco's Firepower Threat Defense software, which is part of its suite of network security and traffic management products; and its Adaptive Security Appliance software, the operating system for its family of ASA corporate network security devices.

Cisco said the vulnerability affects products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software, with a vulnerable AnyConnect or WebVPN configuration: "The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features," according to its advisory.

To eliminate the vulnerability, Klyuchnikov urged Cisco users to update Cisco ASA to the most recent version.

Earlier in May, Cisco stomped out 12 high-severity vulnerabilities across its ASA and FTD network security products.


News URL

https://threatpost.com/network-security-cisco-flaw-leaks-sensitive-data/157691/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4427 230 3112 1861 609 5812