Security News > 2020 > July > Cisco Network Security Flaw Leaks Sensitive Data
A high-severity vulnerability in Cisco's network security software could lay bare sensitive data - such as WebVPN configurations and web cookies - to remote, unauthenticated attackers.
The flaw exists in the web services interface of Cisco's Firepower Threat Defense software, which is part of its suite of network security and traffic management products; and its Adaptive Security Appliance software, the operating system for its family of ASA corporate network security devices.
Cisco said the vulnerability affects products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software, with a vulnerable AnyConnect or WebVPN configuration: "The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features," according to its advisory.
To eliminate the vulnerability, Klyuchnikov urged Cisco users to update Cisco ASA to the most recent version.
Earlier in May, Cisco stomped out 12 high-severity vulnerabilities across its ASA and FTD network security products.
News URL
https://threatpost.com/network-security-cisco-flaw-leaks-sensitive-data/157691/
Related news
- Setting Up Your Network Security? Avoid These 4 Mistakes (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Cisco says DevHub site leak won’t enable future breaches (source)
- Here's what happens if you don't layer network security – or remove unused web shells (source)