Vulnerabilities Identified in Cisco Products

A cybersecurity advisory was issued Friday, Oct. 4, 2019, regarding multiple vulnerabilities in Cisco products. These vulnerabilities could allow a malicious individual to execute arbitrary code with root privileges, which could potentially lead to a breach.

What It Is:
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for arbitrary code execution with root privileges on the affected system. An attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Read the original Cisco Security Advisories below for more information:

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability
Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability
Cisco Firepower Management Center Command Injection Vulnerability
Cisco Firepower Management Center Remote Code Execution Vulnerability
Cisco Firepower Management Center Remote Code Execution Vulnerability
Cisco Firepower Management Center SQL Injection Vulnerabilities
Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities

Threat Intelligence:
There are no reports of these vulnerabilities being exploited in the wild.

Systems Affected:

• Adaptive Security Virtual Appliance (ASAv)
• Cisco FMC Software
• Cisco products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software that is configured to perform FTP inspection
• Cisco products that are running a vulnerable release of Cisco ASA Software and that have either the Clientless SSL VPN or AnyConnect SSL VPN enabled
• Cisco products that are running a vulnerable release of Cisco ASA Software or Cisco FTD Software that is configured to support OSPF routing
• Firepower 2100 Series Appliances
• Firepower 4100 Series Security Appliances
• Firepower 9300 Series Security Appliances
• Firepower Threat Defense Virtual (FTDv)

Risk:
Government:
• Large and medium government entities: High
• Small government entities: Medium
Businesses:
• Large and medium business entities: High
• Small business entities: Medium
Home users: Low

What It Means:
If you and/or your business utilize the Cisco products mentioned above, you will need to apply the appropriate updates provided by Cisco following proper testing.

Technical Summary:
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for arbitrary code execution with root privileges on the affected system. Details of these vulnerabilities are as follows:

• A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2019-12673)
• A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated remote attacker to trigger a reload of an affected device resulting in a denial of service (DoS) condition. (CVE-2019-15256)
• A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated adjacent attacker to cause a reload of an affected device resulting in a denial of service (DoS) condition. (CVE-2019-12676)
• A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2019-12678)
• A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device. (CVE-2019-12677)
• A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. (CVE-2019-12690)
• A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated remote attacker to execute arbitrary commands on an affected device. (CVE-2019-12687, CVE-2019-12688)
• A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated remote attacker to execute arbitrary code on the underlying operating system of an affected device. (CVE-2019-12689)
• Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated remote attacker to execute arbitrary SQL injections on an affected device. (CVE-2019-12679, CVE-2019-12680, CVE-2019-12681, CVE-2019-12682, CVE-2019-12683, CVE-2019-12684, CVE-2019-12685, CVE-2019-12686)
• Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. (CVE-2019-12674, CVE-2019-12675)
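Several of the ASA/FTD issues above apply only when a specific feature is configured (FTP or SIP inspection, IKEv1, OSPF, SSL VPN). The following added example, which is not part of the original advisory or Cisco's guidance, scans a saved running configuration for those features and maps each hit to the CVE listed above; the configuration patterns and the sample config are assumptions, and a hit only means the feature is in use, so the software release must still be checked against the Cisco advisory.

```python
import re

# Feature -> (CVE from the advisory above, regex for one running-config line).
# The patterns are assumptions based on common ASA CLI syntax; confirm them
# against the matching Cisco advisory before relying on the result.
FEATURE_CHECKS = {
    "FTP inspection": ("CVE-2019-12673", r"^\s+inspect ftp\b"),
    "SIP inspection": ("CVE-2019-12678", r"^\s+inspect sip\b"),
    "IKEv1": ("CVE-2019-15256", r"^crypto ikev1 enable \S+"),
    "OSPF routing": ("CVE-2019-12676", r"^router ospf \d+"),
}

def ssl_vpn_enabled(lines):
    """True if a top-level 'webvpn' block contains 'enable <interface>'."""
    in_webvpn = False
    for line in lines:
        if not line.startswith(" "):
            # A new top-level command starts; track whether it is 'webvpn'.
            in_webvpn = line.strip() == "webvpn"
        elif in_webvpn and re.match(r"\s+enable \S+", line):
            return True
    return False

def triage(running_config):
    """Return {feature: CVE} for advisory-relevant features found in the config."""
    lines = running_config.splitlines()
    hits = {feature: cve for feature, (cve, pattern) in FEATURE_CHECKS.items()
            if any(re.search(pattern, line) for line in lines)}
    if ssl_vpn_enabled(lines):
        hits["SSL VPN"] = "CVE-2019-12677"
    return hits

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname example-fw
router ospf 1
 network 10.0.0.0 255.255.255.0 area 0
crypto ikev2 enable outside
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect dns preset_dns_map
webvpn
 enable outside
group-policy GP1 attributes
 webvpn
  anyconnect ask none
"""

if __name__ == "__main__":
    for feature, cve in triage(SAMPLE_CONFIG).items():
        print(f"{feature}: review {cve}")
```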

What To Do:
We recommend the following actions be taken:

• Install the update provided by Cisco immediately after appropriate testing.
• Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
• Remind users not to visit websites or follow links provided by unknown or untrusted sources.
• Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
• Apply the Principle of Least Privilege to all systems and services.

Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.

Should your agency or business need assistance with issues arising from vulnerabilities in Cisco products, including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.