Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Authenticated Command Injection Vulnerabilities

🚨 SEVERITY: MEDIUM — CVSS 6.0 Security Advisory

TL;DR 📌

Cisco has identified multiple authenticated command injection vulnerabilities in the Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Software. These vulnerabilities could allow an authenticated local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. The highest CVSS score is 6.0, indicating a medium severity risk. Software updates are available to address these vulnerabilities, but there are no workarounds.

What happened 🕵️‍♂️

Cisco has released an advisory detailing vulnerabilities in the Secure Firewall ASA and FTD Software. These vulnerabilities stem from insufficient input validation of commands supplied by users. An attacker with valid administrative credentials could exploit these vulnerabilities to execute commands on the operating system as root. Cisco has confirmed that there are no known public exploits or malicious use of these vulnerabilities at this time.

Affected products 🖥️

The vulnerabilities affect:

  • Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
  • Cisco Secure Firewall Threat Defense (FTD) Software

No products other than those listed are known to be affected.

Fixed software 🔧

Upgrade to the first fixed release in your train (or later):

Release / Product First Fixed Release Notes
1.0 Initial public release.

Workarounds 🧯

There are no workarounds available to mitigate these vulnerabilities.

Risk in context 🎯

With a CVSS score of 6.0, the risk is categorized as Medium. The vulnerabilities require authenticated access, limiting exposure primarily to local attackers with administrative credentials. However, the potential for command execution at the root level poses a significant risk if exploited.

Fast facts ⚡

  • Vulnerabilities: Authenticated command injection
  • CVSS Score: 6.0 (Medium)
  • Impact: Local authenticated attackers can execute arbitrary commands on the underlying operating system as root
  • Workarounds: None available
  • Status: Software updates released

For leadership 🧭

The identified vulnerabilities in Cisco Secure Firewall ASA and FTD Software present a Medium risk (CVSS 6.0). They require authenticated access, limiting exposure primarily to local administrative users. Immediate remediation is advised; because fixes are available, the request is to patch within 7 days. The operational impact is a brief maintenance window with no expected configuration drift.

Now: Review and prioritize patching affected systems.
Next: Implement the software updates as per Cisco’s guidance.
Later: Monitor for any public announcements or exploit attempts related to these vulnerabilities.