CIO Influence
CIO Influence News IT and DevOps Networking

Cisco Fixes Vulnerability That Allowed Criminals To Remotely Execute Arbitrary Code And Control A Firewall

Cisco Fixes Vulnerability That Allowed Criminals To Remotely Execute Arbitrary Code And Control A Firewall
Users are advised to install new versions of Cisco FDM On-Box, check for signs of penetration using NTA and SIEM systems

Cisco announced that it has fixed a vulnerability in Cisco Firepower Device Manager (FDM) On-Box discovered by Positive Technologies experts Nikita Abramov and Mikhail Klyuchnikov. This device manager is designed to locally configure Cisco Firepower NGFW firewalls. According to Forrester Research, Cisco is a recognized leader in the corporate firewall market.

Recommended ITech News: Crystal Group Introduces First Military- and IEC-Compliant Video Encoder and IP KVM for Demanding Edge Environments

Vulnerability CVE-2021-1518 gained the CVSS 3.1. score of 6.3. The flaw was discovered in REST API[1] of Cisco FDM On-Box software, and allowed an authenticated remote attacker to execute arbitrary code in the operating system of an affected device.

Positive Technologies researcher, Nikita Abramov explains: “To exploit this vulnerability, all attackers need to do is to obtain credentials of a user with low privileges and send a specially crafted HTTP request. From a technical standpoint, the vulnerability is caused by insufficient user input validation for some REST API commands.”

Recommended ITech News: New CyberSN Marketplace Empowers Cybersecurity Professionals to Take Ownership of their Careers

Cisco’s FDM On-Box versions 6.3.0, 6.4.0, 6.5.0, 6.6.0, and 6.7.0 are all affected by the vulnerability. Cisco has released software updates fixing the vulnerability: 6.4.0.12, 6.4.4, and 6.7.0.2.

NTA/NDR solutions for deep traffic analysis, in particular PT Network Attack Discovery, can help detect attempts to exploit vulnerabilities in Cisco firewall. One way to detect signs of penetration is to use SIEM solutions such as MaxPatrol SIEM, which help identify suspicious behavior, register an incident, and prevent intruders from moving laterally within the corporate network.

Recommended ITech News: HackNotice Hires Two New Leaders to Drive Continued Growth in Partnerships and Customer Success

Related posts

Southern Trust Insurance Chooses Duck Creek OnDemand for its Cohesive and Comprehensive Full-Suite Capabilities

PR Newswire

GenZ EV Solutions and ADS-TEC Energy Present Battery-buffered, Ultra-fast EV Charger at the National Automobile Dealers Association (NADA) Convention

Sophos Excels in MITRE Engenuity ATT&CK Evaluations with 99 Percent Detection Coverage

CIO Influence News Desk

Leave a Comment