Multiple Vulnerabilities Discovered in Cisco Products

Multiple Vulnerabilities Discovered in Cisco Products

A cybersecurity alert was issued Thursday, May 7, 2020, regarding multiple vulnerabilities in Cisco products. The vulnerabilities could allow an attacker to conduct directory traversal attacks, which could potentially lead to a breach.

What It Is:
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for directory traversal attacks. Cisco is a vendor for IT, networking and cybersecurity solutions.

Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system.

Read the original Cisco Security Advisory.

Systems Affected:

• Cisco Adaptive Security Appliance versions prior to 9.14
• Cisco Firepower Threat Defense versions prior to 6.6.0

Threat Intelligence:
There are currently no reports of these vulnerabilities being exploited in the wild.

Risk:
Government:
• Large and medium government entities: High
• Small government entities: High
Businesses:
• Large and medium business entities: High
• Small business entities: High
Home users: Low

What It Means:
If you and/or your business utilize the Cisco products mentioned above, you will need to apply the appropriate patches or appropriate mitigations provided by Cisco to vulnerable systems immediately following proper testing.

Technical Summary:
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for directory traversal attacks. These vulnerabilities can be exploited by sending a crafted HTTP request containing directory traversal character sequences. Details of the vulnerabilities are as follows:

• CVE-2020-3187: Path traversal attack
• CVE-2020-3125: insufficient identity verification of the Kerberos key distribution center leads to authentication bypass
• CVE-2020-3259: buffer tracking issue when the software parses invalid URLs, allows for attacker to retrieve memory contents
• CVE-2020-3254: inefficient memory management, Denial of Service
• CVE-2020-3196: improper resource management for inbound SSL/TLS connections, Denial of Service
• CVE-2020-3298: improper memory protection mechanisms while processing certain OSPF packets, Denial of Service
• CVE-2020-3191: incorrect processing of certain OSPF packets leads to memory leak, Denial of Service
• CVE-2020-3195: incorrect processing of certain OSPF packets, Denial of Service

What To Do:
We recommend the following actions be taken:

• Apply appropriate patches or appropriate mitigations provided by Cisco to vulnerable systems immediately after appropriate testing.

Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.

Should your agency or business need assistance with issues arising from vulnerabilities in Cisco products including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.