Cisco Patched Critical Bug In Firepower Management Center

  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    1
    Share

Cisco have recently fixed numerous security bugs in multiple products. These also include a critical security fix in Cisco Firepower Management Center (FMC) software. Users must ensure they update their devices to the latest patched versions at the earliest.

Cisco Firepower Management Center Bug

Cisco has fixed a critical security Flaw in its Firepower Management Center (FMC). As explained in their advisory, the vulnerability existed in the web-based interface of the tool. And, upon exploitation, the bug could allow remote code execution with admin privileges on the device while bypassing authentication.

Regarding the vulnerability, CVE-2019-16028, the advisory reads,

The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.

The flaw was deemed critical with a CVSS score of 9.8. It posed a threat to devices that allow authentication of web-based management interface users via an external LDAP server.

Cisco have released a fix for the bug in Cisco FMC software releases. Whereas, for those using earlier releases, Cisco recommends,

Cisco FMC Software releases 6.0.1 and earlier have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.

Cisco has acknowledged the researchers Johan Anderström of QLS and Michael J. Venema of Family Care Network for reporting the flaw. While they assure no active exploitation of the bug, they urge the admins to patch their devices at the earliest owing to the severity of the bug.

Users must consult the Cisco advisory to see how they can apply the hotfix patches.

Other Security Fixes In Cisco Products

Cisco also patched numerous other bugs targeting different products. These include 7 high-severity vulnerabilities and 18 medium severity vulnerabilities. Cisco has shared the details of these flaws in separate security advisories.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!