Security News > 2021 > August > Hackers can bypass Cisco security products in data theft attacks

Hackers can bypass Cisco security products in data theft attacks
2021-08-19 17:30

Cisco said that unauthenticated attackers could bypass TLS inspection filtering tech in multiple products to exfiltrate data from previously compromised servers inside customers' networks.

The threat actors can exploit a vulnerability in the Server Name Identification request filtering impacting 3000 Series Industrial Security Appliances, Firepower Threat Defense, and Web Security Appliance products.

The Cisco Product Security Incident Response Team is not aware of attackers or malware exploiting this security flaw in the wild.

SNIcat is a stealthy exfiltration method discovered by mnemonic Labs security researchers that bypasses security perimeter solutions and TLS inspection devices via TLS Client Hello packets.

"By using our exfiltration method SNIcat, we found that we can bypass a security solution performing TLS inspection, even when the Command & Control domain we use is blocked by common reputation and threat prevention features built into the security solutions themselves," the reearchers said.

"Cisco is investigating its product line to determine which products may be affected by this vulnerability," Cisco added.


News URL

https://www.bleepingcomputer.com/news/security/hackers-can-bypass-cisco-security-products-in-data-theft-attacks/

Related news

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4453 231 3070 1826 613 5740