Cisco announced the release of security patches for 17 high-severity vulnerabilities in its security appliances as part of its Security Advisory Bundled Publication for October 2020.
The vulnerability impacts Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC).
“The October 21, 2020 release of the ASA, FMC, and FTD Software Security Advisory Bundled Publication includes 17 Security Advisories that describe 17 vulnerabilities in ASA, FMC, and FTD Software. Cisco has released software updates for these vulnerabilities.” states the advisory.
“All of these vulnerabilities have a Security Impact Rating (SIR) of High.”
Most of the vulnerability addressed by the IT giant can be exploited by remote, unauthenticated attackers. The list of addressed vulnerabilities includes denial-of-service (DoS), CSRF, FMC authentication bypass, and MitM issues.
The company also fixed multiple vulnerabilities that require local access or authentication to be exploited, an attacker can trigger them to read or write files on a device, cause a DoS condition, bypass the secure boot mechanism, and escape containers and execute commands with root privileges.
The good news is that Cisco is not aware of attacks in the wild exploiting these vulnerabilities.
The flaw resides in the Discovery Protocol implementation for Cisco IOS XR Software and could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload an affected device.
(SecurityAffairs – hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.