Multiple critical vulnerabilities in Cisco industrial products; update immediately

Cisco announced the release of some security patches to address multiple vulnerabilities in Firepower Threat Defense (FTD), an intrusion prevention and monitoring solution. According to the report, successful exploit of the vulnerability would allow threat actors to perform denial of service (DoS) attacks or execute arbitrary commands on affected systems.

The most severe flaw, tracked as CVE-2021-1448, was described as a command injection flaw that required local access and authentication but would allow root access to the underlying operating system. The flaw received a score of 7.8/10 according to the Common Vulnerability Scoring System (CVSS).

The report reports that this flaw exists because the arguments in user-entered commands are not validated correctly, impacting firepower 4100 and 9300 series devices. At the moment there are no functional alternative solutions.

Another reported flaw (CVE-2021-1402) was described as incorrect validation in the SSL/TSL message handler based on FTD software. The vulnerability could be exploited to trigger a DoS condition and received a score of 8.6/10 on the CVSS scale: “A remote threat actor could exploit the flaw by sending specially designed SSL/TSL messages, although this action does not trigger the error by itself,” the Cisco report notes.

Affected devices include some 3000 Series Industrial Security (ISA) implementations, ASA 5512-X/ASA 5515-X/ASA 5525-X/ASA 5545-X/ASA 5555-X Adaptive Security Appliances, Firepower Series 1000/2100, and Fire Threatpower Defense Virtual Products (FTDv).

Patch release also addresses 4 DoS flaws on the Cisco Adaptive Security Appliance (ASA) that could be exploited remotely. While the company mentions that no exploit attempts have been detected in real-world scenarios, users of affected deployments are invited to install the updates as soon as possible to fully mitigate the risk of exploitation.

Patches also address multiple medium severity issues, including four in FTD software (two also in ASA impact software), five in Firepower Management Center (FMC), and one in Firepower Device Manager (FDM).

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.