Hacking companies' networks running Cisco Firepower Threat Defense Software via CVE-2020-3308

Specialists from a cyber security audit company report finding a vulnerability in the Cisco Firepower Threat Defense (FTD) software image signature verification feature. Exploiting this flaw could allow remote threat actors authenticated with administrator-level credentials to install a malicious patch on an affected device.

Apparently, this flaw exists due to incorrect validation of digital signatures for patch images. A threat actor could abuse this vulnerability by creating an unsigned software patch that dodges the signature checks and loading it onto a target system. Successful exploitation of the vulnerability would allow hackers to initiate a patch image for malicious purposes.

The company has already released software updates that address this vulnerability. Because there are no known workarounds to mitigate exploitation, cyber security audit company experts recommend installing official updates as soon as possible.

So far it has been verified that the flaw exists in Cisco FTD releases prior to version 6.2.2.1; Cisco also reported that this vulnerability does not affect Cisco Adaptive Security Appliance (ASA) software or Cisco Firepower Management Center (FMC) software.
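To turn the affected-version statement above into an exposure check, the following added example (not from Cisco or the original report) audits a device inventory against the 6.2.2.1 threshold. The CSV layout, hostnames and version strings are constructed, and the single threshold is an assumption taken from this article; the per-release fix information in Cisco's advisory takes precedence.

```python
import csv
import io
import re

# Threshold from the article: FTD releases prior to 6.2.2.1 are affected.
FIXED = (6, 2, 2, 1)
# Products the article says are not affected by this vulnerability.
NOT_AFFECTED = {"ASA", "FMC"}

# Constructed sample inventory (hypothetical hosts and export format).
SAMPLE_INVENTORY = """hostname,product,version
edge-fw-01,FTD,6.2.2
edge-fw-02,FTD,6.2.2.1-73
branch-fw-07,FTD,6.10.0
dc-fw-03,FTD,6.1.0.5 (build 12)
vpn-asa-01,ASA,9.8.2
mgmt-fmc-01,FMC,6.2.0
lab-fw-09,FTD,unknown
"""

def parse_version(text):
    """Return the dotted numeric prefix as a 4+ part tuple, or None."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad short versions so 6.2.2 compares as 6.2.2.0.
    return parts + (0,) * max(0, 4 - len(parts))

def classify(product, version):
    product = product.strip().upper()
    if product in NOT_AFFECTED:
        return "not-affected"
    parsed = parse_version(version)
    if product != "FTD" or parsed is None:
        return "review"  # fail closed: unknown data needs a manual check
    # Numeric tuple comparison; a string compare would rank 6.10.0 below 6.2.2.1.
    return "affected" if parsed < FIXED else "fixed"

def audit(inventory_csv):
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Devices reported as `review` have a version string the script could not parse and should be checked by hand rather than assumed safe.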

Cyber security audit company experts advise Cisco customers to regularly review the advisories for the company's products, available in the Security Alerts section of the Cisco website, to determine exposure and a complete upgrade solution. In all cases, customers must ensure that the upgraded devices have sufficient memory, in addition to confirming that the current hardware and software configurations will continue to be compatible with the new version.

At the time of writing, the following table was also published. The left column lists the Cisco software versions, and the right column indicates whether a version was affected by the vulnerability described in this notice and which version included the solution for this vulnerability.

In order to upgrade to a fixed version of Cisco FTD software, users can do one of the following:

  • For devices that are managed by the Cisco Firepower Management Center (FMC), use the FMC interface to install the update
  • For devices that are managed by Cisco Firepower Device Manager (FDM), use the FDM interface to install the update
