Cisco patches actively exploited ASA/FTD firewall vulnerability

Cisco fixed a high severity and actively exploited read-only path traversal vulnerability affecting the web services interface of two of its firewall products.

The impacted products are Cisco Adaptive Security Appliance Software – the OS for standalone appliances, blades, and virtual appliance Cisco ASA devices used to protect data centers and corporate networks – and the Cisco Firepower Threat Defense Software – a unified software providing next-gen firewall services. “The web services files that the attacker can view may have information such as WebVPN configuration, bookmarks, web cookies, partial web content, and HTTP URLs,” Cisco said. As Cisco further explained, “This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system files.” The same day, Cisco warned of active exploitation, urging customers to immediately upgrade their products to block attacks designed to gain access to sensitive info by exploiting unpatched devices.

According to researchers, only about 10% of all Cisco ASA/FTD devices they found were rebooted since the release of a patch delivered for another ASA security flaw in 2016, which is potential evidence that they have been patched against CVE-2020-3452. Last week, Cisco also issued security updates to address pre-auth critical remote code execution, authentication bypass, and static default credential vulnerabilities found to affect multiple router and firewall devices that could lead to full device takeover.

Cisco Security Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86

Nuspire recommends applying patches in accordance with vendor documentation as soon as feasible to mitigate these vulnerabilities.