Cisco this week patched multiple vulnerabilities in Firepower Threat Defense (FTD) software. Some high-severity issues could have been exploited for arbitrary command execution or DoS attacks.
One bug tracked as CVE-2021-1448 has a CVSS score of 7.8, however, requires authentication and local access for successful exploitation. A successful attacker can execute arbitrary commands as a root user on CISCO’s Firepower 4100 and Firepower 9300 series appliances. The flaw stems from insufficient validation of user-supplied command arguments. No workarounds exist, the only protection is applying the most recent updates from CISO.
Another flaw tracked as CVE-2021-1402 (CVSS score of 8.6) stems from insufficient validation and impacts the software-based SSL/TLS message handler of FTD. Remote, unauthenticated attackers could exploit this vulnerability to cause DoS by sending a “crafted SSL/TLS message through an affected device.”
The security hole affects ASA 5512-X/ASA 5515-X/ASA 5525-X/ASA 5545-X/ASA 5555-X adaptive security appliances, 3000 series industrial security appliances (ISAs), Firepower 1000/2100 series, and Firepower Threat Defense Virtual (FTDv).
Four other DoS bugs in FTD addressed by this week’s patches could all be exploited remotely and also relate to Cisco Adaptive Security Appliance (ASA) software: CVE-2021-1445, CVE-2021-1504, and CVE-2021-1501 (CVSS score of 8.6), and CVE-2021-1493 (CVSS score of 8.5).
Cisco doesn’t have any reason to believe these vulnerabilities have been exploited in the wild. Nevertheless, the hardware maker recommends installing this week’s patches as a precaution.
In addition, this week, CISCO has released patches for multiple medium-severity issues. Four found in FTD software, one in Firepower Device Manager (FDM), five in Firepower Management Center (FMC), and one in the Snort detection engine.
Full information on these vulnerabilities and patches is available on Cisco’s security portal.