Cisco on Thursday released patches for a high severity vulnerability in the Adaptive Security Appliance and Firepower Threat Defense software, warning that exploitation could lead to crippling denial-of-service attacks. In an advisory that carries a 'high-severity' rating, Cisco said the software cryptography module of both ASA and FTD software is affected by a vulnerability exploitable by either a remote authenticated attacker or an unauthenticated attacker in a man-in-the-middle position.
A security vulnerability in Cisco Adaptive Security Appliance that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept exploit code. The PoC was published by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers are chasing after an exploit for the bug.
Hackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit was published on Twitter. This Cisco ASA vulnerability is cross-site scripting vulnerability that is tracked as CVE-2020-3580.
Researchers at Positive Technologies published the PoC for the bug on Thursday. Real-World Attacks for Cisco ASA. The Cisco ASA is a cybersecurity perimeter-defense appliance that combines firewall, antivirus, intrusion prevention and virtual private network capabilities, all meant to stop threats from making it onto corporate networks.
An unauthenticated file read vulnerability affecting Cisco Adaptive Security Appliance and Firepower Threat Defense software is being exploited by attackers in the wild. There's a proof of concept doing the rounds for directory path traversal in Cisco AnyConnect SSL VPN. It's already being mass spammed across internet.
Specifically affected is Cisco's Firepower Threat Defense software, which is part of its suite of network security and traffic management products; and its Adaptive Security Appliance software, the operating system for its family of ASA corporate network security devices. The most severe flaw exists in the web service interfaces for ASA software and FTD software.
Cisco has fixed 12 vulnerabilities in Cisco Data Center Network Manager, a platform for managing Cisco switches and fabric extenders that run NX-OS, and has warned about a spike in exploitation attempts of an old flaw affecting Cisco Adaptive Security Appliance and Firepower Appliance software. "The vulnerabilities are not dependent on one another; exploitation of one of the vulnerabilities is not required to exploit another vulnerability," Cisco shared.
Cisco has warned customers that a vulnerability patched last year in its Adaptive Security Appliance (ASA) and Firepower Appliance products continues to be targeted by hackers. read more
A high-severity vulnerability affecting Cisco ASA and Firepower security appliances is being exploited in the wild after an exploit has been released online on Friday. “Cisco PSIRT has become...