Multiple Vulnerabilities with Cisco Adaptive Security Appliance and Firepower Threat Defense

by CIRT Team

01 Nov 2020

in Security Advisories & Alerts

No Comments

1117

DESCRIPTION
October 23 – UPDATED: Multiple vulnerability has been discovered in Cisco Adaptive Security Appliance and Firepower Threat Defense, which could allow for a denial of service condition. Cisco Adaptive Security Appliance is the core operating system that delivers enterprise-class firewall capabilities and Cisco Firepower Threat Defense is an integrative software image. Successful exploitation of this vulnerability could allow an attacker to cause denial-of-service condition.

IMPACT
Multiple vulnerability has been discovered in Cisco Adaptive Security Appliance and Firepower Threat Defense, which could allow for a denial of service condition. Details of the vulnerabilities are as follows:

    • A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. (CVE-2020-3304)
    • A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could prevent traffic from being processed through the device, resulting in a denial of service (DoS) condition. (CVE-2020-3373)
    • A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. (CVE-2020-3529)
    • A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. (CVE-2020-3533)
    • A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3554)
    • A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3562)
    • A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3563)
    • A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3571)
    • A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3572)

Successful exploitation of this vulnerability could allow an attacker to cause denial-of-service condition.

SYSTEM AFFECTED
    • Cisco Adaptive Security Appliance prior to 9.12.4.2
    • Cisco Adaptive Security Appliance prior to 9.13.1.12
    • Cisco Adaptive Security Appliance prior to 9.14.1.9
    • Cisco Firepower Threat Defense Software prior to 6.4.0.9
    • Cisco Firepower Threat Defense Software prior to 6.6.0.1

RECOMMENDATIONS
Following actions are recommended to be taken:
    • Apply appropriate patches provided by Cisco to vulnerable systems immediately after appropriate testing.
    • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
    • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
    • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
    • Apply the Principle of Least Privilege to all systems and services.