Security News > 2020 > July > Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns

Cisco is warning that a high-severity flaw in its network security software is being actively exploited - allowing remote, unauthenticated attackers to access sensitive data.

"The Cisco Product Security Incident Response Team is aware of the existence of public exploit code and active exploitation of the vulnerability that is described in this advisory," according to Cisco.

The flaw specifically exists in the web services interface of Firepower Threat Defense software, which is part of Cisco's suite of network security and traffic management products; and its Adaptive Security Appliance software, the operating system for its family of ASA corporate network security devices.

Cisco said the vulnerability affects products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software, with a vulnerable AnyConnect or WebVPN configuration: "The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features," according to its advisory.

"Cisco ASA Software releases 9.5 and earlier, as well as Release 9.7, along with Cisco FTD Release 6.2.2 have reached the end of software maintenance and organizations will have to upgrade to a later, supported version to fix this vulnerability."

News URL

https://threatpost.com/attackers-exploiting-high-severity-network-security-flaw-cisco-warns/157756/