Saturday, April 26, 2025
Follow us On Linkedin
HomeCisco18 Vulnerabilities that Affected Cisco Software's Let Hackers Perform DOS, RCE to...

18 Vulnerabilities that Affected Cisco Software’s Let Hackers Perform DOS, RCE to Gain Unauthorized System Access

CiscoCVE/vulnerabilityHacks

Published on

By Balaji
Cisco Software

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Cisco released new security updates for multiple software products such as Cisco ASA, FMC, and FTD Software that affects 18 vulnerabilities in various category.

Cisco addressed all the 18 vulnerabilities as a “High” severity category, and the successful exploitation allows malicious hackers to gain unauthorized access to the systems deployed with vulnerable Cisco software.

All the vulnerabilities affected 3 major Cisco software 1. Cisco ASA Software, 2.Cisco FMC Software, and 3. Cisco FTD Software.

- Advertisement - Google News

Out of 18 vulnerabilities,12 vulnerabilities affected Cisco FMC Software which is used in the Cisco Firepower Management Center Virtual Appliance, Four of the vulnerabilities affect both Cisco ASA Software, and Cisco FTD Software, another 2 vulnerabilities affected Cisco ASA Software and Cisco FTD Software respectively.

In this case, Cisco FMC Software is heavily impacted through some of the dangerous vulnerabilities that lead attackers to perform serious attacks such as SQL injection, command injection and remote code execution on the Cisco Firepower Management Center.

Cisco patched a remote code execution vulnerability ( CVE-2019-12687) that resides in the web UI of the Cisco Firepower Management Center (FMC) that allows attackers to execute arbitrary commands on the vulnerable devices.

There are 9 SQL injection vulnerabilities patched for Cisco FMC Software. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device.

“A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.”

Another vulnerability (CVE-2019-12678) in Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software let unauthenticated remote attacker perform DoS attack.

Cisco Security Updates

Cisco Security AdvisoryCVE IDSecurity Impact RatingCVSS Base Score
cisco-sa-20191002-asa-dos
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability		CVE-2019-12673High8.6
cisco-sa-20191002-asa-ftd-ikev1-dos
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability		CVE-2019-15256High8.6
cisco-sa-20191002-asa-ospf-lsa-dos
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability		CVE-2019-12676High7.4
cisco-sa-20191002-asa-ftd-sip-dos
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability		CVE-2019-12678High8.6
cisco-sa-20191002-asa-ssl-vpn-dos
Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability		CVE-2019-12677High7.7
cisco-sa-20191002-fmc-com-inj
Cisco Firepower Management Center Command Injection Vulnerability		CVE-2019-12690High7.2
cisco-sa-20191002-fmc-rce
Cisco Firepower Management Center Remote Code Execution Vulnerability		CVE-2019-12687,CVE-2019-12688High8.8
cisco-sa-20191002-fmc-rce-12689
Cisco Firepower Management Center Remote Code Execution Vulnerability		CVE-2019-12689High7.5
cisco-sa-20191002-fmc-sql-inj
Cisco Firepower Management Center SQL Injection Vulnerabilities		CVE-2019-12679,CVE-2019-12680,CVE-2019-12681,CVE-2019-12682,CVE-2019-12683,CVE-2019-12684,CVE-2019-12685,CVE-2019-12686High8.8
cisco-sa-20191002-ftd-container-esc
Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities		CVE-2019-12675,CVE-2019-12674High8.2

Cisco advised to the affected customers to apply these patches immediately to keep the network and application safe and secure from cyber attack.

Cisco has released updates to address this vulnerability; you can find the advisory here.

Also Read: 10 Best Vulnerability Scanning Tools For Penetration Testing – 2019

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

AI

Two Systemic Jailbreaks Uncovered, Exposing Widespread Vulnerabilities in Generative AI Models

Two significant security vulnerabilities in generative AI systems have been discovered, allowing attackers to...
AI

New AI-Generated ‘TikDocs’ Exploits Trust in the Medical Profession to Drive Sales

AI-generated medical scams across TikTok and Instagram, where deepfake avatars pose as healthcare professionals...
Cyber Attack

Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware

The cybersecurity landscape faces an escalating crisis as AgeoStealer joins the ranks of advanced...
CISO

Compliance And Governance: What Every CISO Needs To Know About Data Protection Regulations

The cybersecurity landscape has changed dramatically in recent years, largely due to the introduction...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

Chrome

Chrome UAF Process Vulnerabilities Actively Exploited

Security researchers have revealed that two critical use-after-free (UAF) vulnerabilities in Google Chrome’s Browser...
CVE/vulnerability

Spring Security Vulnerability Exposes Valid Usernames to Attackers

A newly identified security vulnerability, CVE-2025-22234, has exposed a critical weakness in the widely-used...
CVE/vulnerability

SAP NetWeaver 0-Day Vulnerability Enables Webshell Deployment

Cybersecurity analysts have issued a high-priority warning after several incidents revealed active exploitation of...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved