Security News > 2020 > October > Cisco Warns of Severe DoS Flaws in Network Security Software

"The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory," according to Cisco in an update released on Wednesday.

The most severe of these flaws includes a vulnerability in Cisco Firepower Chassis Manager, which exists in the Firepower Extensible Operating System and provides management capabilities.

Cisco also patched multiple DoS flaws in its Adaptive Security Appliance software, including ones tied to CVE-2020-3304, CVE-2020-3529, CVE-2020-3528, CVE-2020-3554, CVE-2020-3572and CVE-2020-3373 that could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly.

Another flaw of note, in the web services interface of Cisco Adaptive Security Appliance and Firepower Threat Defense, could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. The flaw stems from the software not efficiently handling the writing of large files to specific folders on the local file system.

The new security alerts come a day after Cisco sent out an advisory warning that a flaw the Cisco Discovery Protocol implementation for Cisco IOS XR Software was being actively exploited by attackers.

News URL

https://threatpost.com/cisco-dos-flaws-network-security-software/160414/