Positive Technologies IDs Cisco Vulnerability That Allowed Criminals to Remotely Execute Arbitrary Code & Control FirewallPositive Technologies IDs Cisco Vulnerability That Allowed Criminals to Remotely Execute Arbitrary Code & Control Firewall
Users are advised to install new versions of Cisco FDM On-Box, and check for signs of penetration using NTA and SIEM systems.
August 2, 2021
August 2, 2021 – Positive Technologies researchers, Nikita Abramov and Mikhail Klyuchnikov have discovered a vulnerability in Cisco Firepower Device Manager (FDM) On-Box – a product designed to locally configure Cisco Firepower NGFW firewalls – that could have allowed attackers to control a device. According to Forrester Research, Cisco is a recognized leader in the corporate firewall market. The flaw has been patched.
Vulnerability CVE-2021-1518 gained the CVSS 3.1. score of 6.3. The flaw was discovered in REST API of Cisco FDM On-Box software, and allowed an authenticated remote attacker to execute arbitrary code in the operating system of an affected device.
Positive Technologies researcher, Nikita Abramov explains: “To exploit this vulnerability, all attackers need to do is to obtain credentials of a user with low privileges and send a specially crafted HTTP request. From a technical standpoint, the vulnerability is caused by insufficient user input validation for some REST API commands.”
Cisco FDM On-Box versions 6.3.0, 6.4.0, 6.5.0, 6.6.0, and 6.7.0 are all affected by the vulnerability. Cisco has released software updates fixing the vulnerability: 22.214.171.124, 6.4.4, and 126.96.36.199.
NTA/NDR solutions for deep traffic analysis, in particular PT Network Attack Discovery, can help detect attempts to exploit vulnerabilities in Cisco firewall. One way to detect signs of penetration is to use SIEM solutions such as MaxPatrol SIEM, which help identify suspicious behavior, register an incident, and prevent intruders from moving laterally within the corporate network.
About Positive Technologies
Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection. Commitment to clients and research has earned Positive Technologies a reputation as one of the foremost authorities on Industrial Control System, Banking, Telecom, Web Application, and ERP security, supported by recognition from the analyst community.
You May Also Like
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023