Due to vulnerabilities in Cisco Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software, attackers may be able to execute arbitrary commands and code on the underlying operating system.
Three major vulnerabilities in networking giant Cisco products have been the subject of an advisory from the Indian Computer Emergency Response Team (CERT-In), which is part of the Ministry of Electronics and Information Technology. These vulnerabilities could allow hackers to gain access, infiltrate computer systems, and steal data.
According to CERT-In’s most recent advisory, vulnerabilities in the Cisco Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software could give attackers root-level privileges to execute arbitrary commands and code on the underlying operating system, causing the device to unexpectedly reload and causing a denial of service (DoS).
The reported program contains a “Command Injection Vulnerability” because a backup file’s contents were not properly sanitized when it came time to restore it. “An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device,” the FBI stated.
An additional vulnerability pertaining to denial of service arises from insufficient error checking during the parsing of an HTTP header.
Attackers may be able to create a “DoS condition when the device reloads” by “sending a crafted HTTP request to a targeted web server on a device” in order to take advantage of this vulnerability.
A third vulnerability, known as a “code execution vulnerability,” arises when a file is read from system flash memory without adequate validation.
The cyber agency states that adding a “crafted file to the disk0: file system of an affected device” would allow an attacker to take advantage of this vulnerability.
Furthermore, CERT-In recommends that users apply the relevant upgrades that Cisco has released.
Also read: Nurturing Responsible Online Behavior in Students by Building a Culture of Digital Citizenship
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
