🚨 SEVERITY: CRITICAL — CVSS 9.0 Security Advisory

TL;DR 📌

A critical vulnerability has been identified in the web services of Cisco Secure Firewall ASA, Secure Firewall FTD, IOS, IOS XE, and IOS XR Software. It could allow remote attackers to execute arbitrary code on affected devices: without authentication on Secure Firewall ASA and FTD, and with low-privilege authentication on IOS, IOS XE, and IOS XR. Cisco has released fixed software to address this issue, and no workarounds are available.

What happened 🕵️‍♂️

A vulnerability in the web services of Cisco Secure Firewall ASA and FTD Software allows unauthenticated remote attackers to execute arbitrary code on affected devices. For IOS, IOS XE, and IOS XR Software, the vulnerability can be exploited by authenticated remote attackers with low user privileges. The vulnerability arises from improper validation of user-supplied input in HTTP requests, and exploitation can potentially lead to complete device compromise.