Cisco released new security updates for multiple software products such as Cisco ASA, FMC, and FTD Software that affects 18 vulnerabilities in various category.
Cisco addressed all the 18 vulnerabilities as a “High” severity category, and the successful exploitation allows malicious hackers to gain unauthorized access to the systems deployed with vulnerable Cisco software.
All the vulnerabilities affected 3 major Cisco software 1. Cisco ASA Software, 2.Cisco FMC Software, and 3. Cisco FTD Software.
Out of 18 vulnerabilities,12 vulnerabilities affected Cisco FMC Software which is used in the Cisco Firepower Management Center Virtual Appliance, Four of the vulnerabilities affect both Cisco ASA Software, and Cisco FTD Software, another 2 vulnerabilities affected Cisco ASA Software and Cisco FTD Software respectively.
In this case, Cisco FMC Software is heavily impacted through some of the dangerous vulnerabilities that lead attackers to perform serious attacks such as SQL injection, command injection and remote code execution on the Cisco Firepower Management Center.
Cisco patched a remote code execution vulnerability ( CVE-2019-12687) that resides in the web UI of the Cisco Firepower Management Center (FMC) that allows attackers to execute arbitrary commands on the vulnerable devices.
There are 9 SQL injection vulnerabilities patched for Cisco FMC Software. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device.
“A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.”
Another vulnerability (CVE-2019-12678) in Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software let unauthenticated remote attacker perform DoS attack.
Cisco advised to the affected customers to apply these patches immediately to keep the network and application safe and secure from cyber attack.
Cisco has released updates to address this vulnerability; you can find the advisory here.
Also Read: 10 Best Vulnerability Scanning Tools For Penetration Testing – 2019
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…
Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…
Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…
Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…