Cisco Network Flaw Exposes Sensitive Data to Cybercriminals

A high-severity vulnerability in Cisco’s network security software could lay bare sensitive data – such as WebVPN configurations and web cookies – to remote, unauthenticated attackers.

The flaw exists in the web services interface of Cisco’s Firepower Threat Defense (FTD) software, which is part of its suite of network security and traffic management products; and its Adaptive Security Appliance (ASA) software, the operating system for its family of ASA corporate network security devices.

“An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device,” according to a Wednesday advisory from Cisco. “A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.”

The vulnerability (CVE-2020-3452), which scores 7.5 out of 10 on the CVSS scale, is due to a lack of proper input validation of URLs in HTTP requests processed by affected devices. Specifically, the flaw permits directory traversal, an HTTP-based attack in which path sequences in a request let bad actors reach restricted directories and execute commands outside of the web server’s root directory.
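As an added illustration of the bug class described above (this is example code, not Cisco’s implementation or the published proof of concept), the naive path check below sits beside a hardened version that decodes and canonicalises the request path before confirming it stays inside the web root, followed by a detector run over constructed access-log lines. WEB_ROOT, the function names and the log lines are assumptions made for the example.

```python
"""Naive vs. hardened handling of a requested web path, plus a log
detector. WEB_ROOT and all inputs are constructed for this example."""
import posixpath
from typing import List, Optional
from urllib.parse import unquote

WEB_ROOT = "/var/www/webvpn"   # hypothetical web services document root


def naive_is_safe(requested: str) -> bool:
    """Weak check: only looks for a literal '../' in the raw request path.
    Percent-encoded or double-encoded traversal sequences pass this test."""
    return "../" not in requested


def hardened_resolve(requested: str) -> Optional[str]:
    """Decode until stable (bounded), collapse '.' and '..' segments, then
    require the result to remain under WEB_ROOT. Returns the resolved
    path, or None when the request would escape the root."""
    decoded = requested
    for _ in range(3):                      # handles double encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.replace("\\", "/")    # treat backslash as separator
    # normpath collapses segments lexically; it does not follow symlinks
    full = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if full == WEB_ROOT or full.startswith(WEB_ROOT + "/"):
        return full
    return None


# Constructed common-log-format lines (not real traffic).
LOGS = [
    '203.0.113.5 - - [22/Jul/2020:10:00:00 +0000] "GET /bookmarks/list.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [22/Jul/2020:10:00:01 +0000] "GET /a/%2e%2e/%2e%2e/secret HTTP/1.1" 404 0',
    '203.0.113.9 - - [22/Jul/2020:10:00:02 +0000] "GET /x/%252e%252e/%252e%252e/cfg HTTP/1.1" 404 0',
]


def detect_traversal(log_lines: List[str]) -> List[str]:
    """Return the raw request paths whose canonical form escapes WEB_ROOT."""
    hits = []
    for line in log_lines:
        try:
            path = line.split('"')[1].split(" ")[1]   # method path version
        except IndexError:
            continue
        if hardened_resolve(path) is None:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for raw in detect_traversal(LOGS):
        print("traversal attempt:", raw, "| naive check said safe:", naive_is_safe(raw))
```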

“This vulnerability… is highly dangerous,” said Mikhail Klyuchnikov of Positive Technologies, who was credited with independently reporting the flaw (along with Ahmed Aboul-Ela of RedForce), in a statement provided to Threatpost. “The cause is a failure to sufficiently verify inputs. An attacker can send a specially crafted HTTP request to gain access to the file system (RamFS), which stores data in RAM.”

A potential attacker can view files within the web services file system only. The web services file system is enabled for specific WebVPN and AnyConnect features (outlined in Cisco’s advisory). The web services files that the attacker can view may have information such as WebVPN configuration, bookmarks, web cookies, partial web content and HTTP URLs.

Cisco said the vulnerability affects products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software, with a vulnerable AnyConnect or WebVPN configuration: “The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features,” according to its advisory. However, “this vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.”

To eliminate the vulnerability, Klyuchnikov urged Cisco users to update Cisco ASA to the most recent version. Cisco said it’s not aware of any malicious exploits for the vulnerability – however, it is aware of proof-of-concept (POC) exploit code released Wednesday by security researcher Ahmed Aboul-Ela.

This is part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness, key principles and best practices to protect yourself, your organisation and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.