Positive Technologies IDs Cisco Vulnerability That Allowed Criminals to Remotely Execute Arbitrary Code & Control Firewall
Users are advised to install new versions of Cisco FDM On-Box, and check for signs of penetration using NTA and SIEM systems.
August 02, 2021
PDF
August 2, 2021 – Positive Technologies researchers, Nikita Abramov and Mikhail Klyuchnikov have discovered a vulnerability in Cisco Firepower Device Manager (FDM) On-Box – a product designed to locally configure Cisco Firepower NGFW firewalls – that could have allowed attackers to control a device. According to Forrester Research, Cisco is a recognized leader in the corporate firewall market. The flaw has been patched.
Vulnerability CVE-2021-1518 gained the CVSS 3.1. score of 6.3. The flaw was discovered in REST API[1] of Cisco FDM On-Box software, and allowed an authenticated remote attacker to execute arbitrary code in the operating system of an affected device.
SonicWall Botches October Patch for Critical VPN Bug
threatpost.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from threatpost.com Daily Mail and Mail on Sunday newspapers.
SonicWall issues another fix for botched VPN patch
techradar.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from techradar.com Daily Mail and Mail on Sunday newspapers.
В межсетевых экранах Cisco исправлены уязвимости, угрожавшие компаниям с удаленными сотрудниками
securitylab.ru - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from securitylab.ru Daily Mail and Mail on Sunday newspapers.