Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks
Cisco this week released patches for multiple vulnerabilities in Firepower Threat Defense (FTD) software, including high-severity issues that could be exploited for arbitrary command execution or denial-of-service (DoS) attacks.
Tracked as CVE-2021-1448 and having a CVSS score of 7.8, the command injection bug is mitigated by the fact that authentication and local access are required for successful exploitation. An attacker able to abuse it, however, may execute arbitrary commands as root on the underlying OS.
The flaw exists because user-supplied command arguments aren’t sufficiently validated, and affects Firepower 4100 and Firepower 9300 series appliances. No workarounds exist, but software updates to address the vulnerability are already available.
Another flaw rooted in insufficient validation impacts the software-based SSL/TLS message handler of FTD and could be abused to cause a DoS condition. The security hole is tracked as CVE-2021-1402 (CVSS score of 8.6).
Remote, unauthenticated attackers could exploit this vulnerability by sending a “crafted SSL/TLS message through an affected device.” However, messages that are sent to the affected device won’t trigger the bug, Cisco notes.
Affected devices include 3000 series industrial security appliances (ISAs), ASA 5512-X/ASA 5515-X/ASA 5525-X/ASA 5545-X/ASA 5555-X adaptive security appliances, Firepower 1000/2100 series, and Firepower Threat Defense Virtual (FTDv) products.
Four other DoS bugs addressed this week in FTD also impact Cisco Adaptive Security Appliance (ASA) software and could all be exploited remotely. Three of them (CVE-2021-1445, CVE-2021-1504, and CVE-2021-1501, CVSS score of 8.6) do not require authentication, while the fourth (CVE-2021-1493, CVSS score of 8.5) does.
Cisco says it is not aware of these vulnerabilities being exploited in attacks in the wild, but nonetheless recommends installing the available patches as soon as possible, to avoid possible cyber-security incidents.
Patches the tech giant released this week also address multiple medium-severity issues, including four in FTD software (two impact ASA software too), five in Firepower Management Center (FMC), one in Firepower Device Manager (FDM), and one in the Snort detection engine that affects multiple products.
Information on all of these vulnerabilities and on the patches released for them is available on Cisco’s security portal.