Posts for: #7.4.1.1

Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities

🚨 SEVERITY: MEDIUM — CVSS 6.5 Security Advisory

TL;DR 📌

Multiple Cisco products are affected by vulnerabilities in the Snort 3 MIME Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or restart, leading to a denial of service. Cisco has released software updates to address these vulnerabilities, but no workarounds are available.

What happened 🕵️‍♂️

Cisco has identified vulnerabilities in the HTTP Multipurpose Internet Mail Extensions (MIME) Decoder within Snort 3, which could be exploited by an unauthenticated remote attacker. These vulnerabilities may lead to the disclosure of sensitive information or cause the Snort 3 Detection Engine to restart unexpectedly, resulting in a denial of service (DoS) condition.

[]

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Rules Bypass Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 5.3 Security Advisory

TL;DR 📌

A medium severity vulnerability has been identified in Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Software, allowing unauthenticated remote attackers to bypass access control rules for loopback interfaces. No workarounds are available, and software updates are necessary to mitigate the risk.

What happened 🕵️‍♂️

Cisco has disclosed a vulnerability in the access control rules implementation for loopback interfaces in its Secure Firewall ASA and FTD Software. This flaw could enable an unauthenticated remote attacker to send traffic that should be blocked to a loopback interface, effectively bypassing configured access control rules. The vulnerability arises from improper enforcement of these rules, posing a potential risk to network security.

[]

Cisco Secure Firewall Management Center and Secure Firewall Threat Defense Software Command Injection Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 6.0 Security Advisory

TL;DR 📌

A command injection vulnerability has been identified in Cisco Secure Firewall Management Center (FMC) and Secure Firewall Threat Defense (FTD) Software. This medium-severity issue allows authenticated local attackers to execute arbitrary commands on the underlying operating system. Cisco has released software updates to address this vulnerability, but no workarounds are available.

What happened 🕵️‍♂️

A vulnerability in the command-line interface (CLI) of Cisco Secure Firewall Management Center (FMC) and Secure Firewall Threat Defense (FTD) Software has been discovered. This flaw arises from improper input validation for specific CLI commands, enabling an authenticated local attacker to inject operating system commands. If exploited, the attacker could escape the restricted command prompt and execute arbitrary commands as root on the underlying operating system. Successful exploitation requires valid Administrator credentials.

[]

Cisco Secure Firewall Management Center Software HTML Injection Vulnerability

🚨 SEVERITY: HIGH — CVSS 8.5 Security Advisory

TL;DR 📌

A high-severity HTML injection vulnerability has been identified in the Cisco Secure Firewall Management Center (FMC) Software. This flaw allows authenticated remote attackers to inject arbitrary HTML content into device-generated documents, potentially leading to sensitive information exposure. Cisco has released updates to address this issue, but there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability arises from improper validation of user-supplied data. An attacker with valid credentials (at least Security Analyst role) could exploit this vulnerability to alter document layouts, read arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks.

[]

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 3100 and 4200 Series TLS 1.3 Cipher Denial of Service Vulnerability

🚨 SEVERITY: HIGH — CVSS 7.7 Security Advisory

TL;DR 📌

A vulnerability in the TLS 1.3 implementation for Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Software on Firepower 3100 and 4200 Series devices could allow an authenticated remote attacker to cause a denial of service (DoS) condition. This affects the device’s ability to accept new SSL/TLS or VPN requests. Cisco has released software updates to address this issue, and there are workarounds available.

[]