Oct 27, 2021 22:30 GMT
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) are the most critically impacted products in the latest round of patches for high-rated vulnerabilities.
Background
Cisco released a series of patches on October 27th across multiple platforms. The most critically impacted platforms are Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). In addition, one high-rated vulnerability impacts the Firepower Management Center (FMC) and the patched high-rated Snort vulnerability impacts additional products.
Though the majority of the high-rated vulnerabilities addressed resolve potential Denial of Service vectors, one standout vulnerability in FTD allows for arbitrary code execution with root-level privileges.
Vulnerability Details
- Cisco Firepower Threat Defense Software Command Injection Vulnerabilities
  Allows an authenticated local attacker to execute arbitrary code with root-level privileges.
- Multiple Cisco Products Snort Rule Denial of Service Vulnerability
  A flaw in Snort could allow a remote, unauthenticated attacker to trigger a Denial of Service in any Cisco product that utilizes Snort, such as FTD.
- Cisco Firepower Management Center Software Authenticated Directory Traversal Vulnerability
  A vulnerability in the web interface of Cisco Firepower Management Center (FMC) allows for Directory Traversal, resulting in arbitrary read/write on the device.
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Transparent Mode Denial of Service Vulnerability
  A vulnerability in ASA and FTD when in Transparent mode allows a remote, unauthenticated attacker to poison the MAC address tables, resulting in a Denial of Service.
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource Exhaustion Denial of Service Vulnerability
  Denial of Service across ASA and FTD based on improper resource management when connection counts are high.
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities
  Issues with the web interface of FTD and ASA products allow remote, unauthenticated users to trigger a Denial of Service condition.
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability
  An issue with TLS packet handling in ASA and FTD allows for Denial of Service on the target device.
- Cisco Firepower Threat Defense Software SSH Connections Denial of Service Vulnerability
  By sending a high rate of SSH connections to an impacted FTD device, a Denial of Service can be achieved on the device.
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability
  A vulnerability in the SSL/TLS message handling on FTD and ASA devices could allow a remote, unauthenticated attacker to cause the device to reload, triggering a Denial of Service.
Mitigation
Given the severity of these issues, urgent updates are recommended. Consult the individual advisories for more details or potential workarounds.
Resources
Cisco Firepower Threat Defense Software Command Injection Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8
Multiple Cisco Products Snort Rule Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM
Cisco Firepower Management Center Software Authenticated Directory Traversal Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Transparent Mode Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dos-JxYWMJyL
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource Exhaustion Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dos-Unk689XY
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-KSqJAKPA
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-4ygzLKU9
Cisco Firepower Threat Defense Software SSH Connections Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-rUDseW3r
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-decrypt-dos-BMxYjm8M