Cisco has stomped out vulnerabilities in its Firepower Threat Defense (FTD) software and traffic-management products, and in its Adaptive Security Appliance (ASA) software.
Free software updates to fix the bugs
The flaw (CVE-2020-3456), which ranks 8.8 out of 10 on the CVSS scale, is a vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software. This flaw could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. Cisco’s cybersecurity team found the vulnerability during internal security testing.
According to Cisco, an attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. The attacker can then send arbitrary requests that could take unauthorized actions on behalf of the targeted user. The company has released free software updates that address the vulnerability.
They also discovered flaws in Firepower’s Management Center Software (CVE-2020-3499), Cisco Firepower 2100 Series firewalls (CVE-2020-3562), Cisco Firepower 4110 appliances (CVE-2020-3571), and Cisco Firepower Threat Defense Software (CVE-2020-3563 and CVE-2020-3563).
Cisco also released patches for multiple DoS flaws in its Adaptive Security Appliance software, including ones tied to CVE-2020-3304, CVE-2020-3529, CVE-2020-3528, CVE-2020-3554, CVE-2020-3572 and CVE-2020-3373. All of these could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly.
Lastly, the company released an advisory for a vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software. This flaw could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device.