Security News > 2020 > July > Cisco Network Security Flaw Leaks Sensitive Data
A high-severity vulnerability in Cisco's network security software could lay bare sensitive data - such as WebVPN configurations and web cookies - to remote, unauthenticated attackers.
The flaw exists in the web services interface of Cisco's Firepower Threat Defense software, which is part of its suite of network security and traffic management products; and its Adaptive Security Appliance software, the operating system for its family of ASA corporate network security devices.
Cisco said the vulnerability affects products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software, with a vulnerable AnyConnect or WebVPN configuration: "The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features," according to its advisory.
To eliminate the vulnerability, Klyuchnikov urged Cisco users to update Cisco ASA to the most recent version.
Earlier in May, Cisco stomped out 12 high-severity vulnerabilities across its ASA and FTD network security products.
News URL
https://threatpost.com/network-security-cisco-flaw-leaks-sensitive-data/157691/
Related news
- US task force aims to plug security leaks in water sector (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Cisco creates architecture to improve security and sell you new switches (source)
- Governments issue alerts after 'sophisticated' state-backed actor found exploiting flaws in Cisco security boxes (source)