Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks (April 2021)
Cisco this week released patches for multiple vulnerabilities in Firepower Threat Defense software, including high-severity issues that could be exploited for arbitrary command execution or denial-of-service attacks.
An attacker able to abuse the command execution flaw may execute arbitrary commands as root on the underlying OS. The flaw exists because user-supplied command arguments aren't sufficiently validated, and affects Firepower 4100 and Firepower 9300 series appliances.
Remote, unauthenticated attackers could exploit another of the vulnerabilities by sending a "crafted SSL/TLS message through an affected device." However, messages that are sent to the affected device itself, rather than through it, won't trigger the bug, Cisco notes.
Affected devices include 3000 series industrial security appliances, ASA 5512-X/ASA 5515-X/ASA 5525-X/ASA 5545-X/ASA 5555-X adaptive security appliances, Firepower 1000/2100 series, and Firepower Threat Defense Virtual products.
Cisco says it is not aware of these vulnerabilities being exploited in attacks in the wild, but nonetheless recommends installing the available patches as soon as possible, to avoid possible cyber-security incidents.
Information on all of these vulnerabilities and on the patches released for them is available on Cisco's security portal.