Cisco security advisory released 27 software vulnerability patches including 1 critical in Firepower Management Center software, 7 High and 19 medium severity.
CVE-2019-16028 – Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability
Cisco Firepower Management Center provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. Easily go from managing a firewall to controlling applications to investigating and remediating malware outbreaks.
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device.
The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.
Cisco security advisory released software updates that address this vulnerability.
If you are customer of Cisco Firepower Management center, then you need to update the software immediately.
Cisco FMC software vulnerability affects, if it is configured to authenticate users of the web-based management interface through an external LDAP server.
Cisco also said to Customers who are running the following Cisco FMC Software releases can remediate by doing the following:
- Releases earlier than 6.1.0: Migrate to a 6.2.3 release and apply available hotfixes.
- 6.1.0: Apply the hotfix listed in the preceding table or migrate to a 6.2.3 release and apply available hotfix.
- 6.2.0 through 6.2.2: Migrate to a 6.2.3 release and apply available hotfix.
- 6.2.3 or 6.3.0: Apply available hotfixes; maintenance releases will be available later this year.
- 6.4.0: Apply available hotfixes or upgrade to Release 126.96.36.199.
- 6.5.0: Upgrade to 188.8.131.52.
CVE-2020-3115 : Cisco SD-WAN Solution Local Privilege Escalation Vulnerability
A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges.
Cisco has released software updates that address this vulnerability.
CVE-2020-3136 : Cisco Jabber Guest Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.
Get the Cisco Security Advisory full list here.