-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3642.3
Cisco Adaptive Security Appliance Software and Firepower
Threat Defense Software Vulnerabilities
29 June 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Adaptive Security Appliance Software
Cisco Firepower Threat Defense Software
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Execute Arbitrary Code/Commands — Remote with User Interaction
Denial of Service — Remote/Unauthenticated
Cross-site Scripting — Remote with User Interaction
Unauthorised Access — Remote/Unauthenticated
Reduced Security — Remote/Unauthenticated
Access Confidential Data — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-3583 CVE-2020-3582 CVE-2020-3581
CVE-2020-3580 CVE-2020-3578 CVE-2020-3572
CVE-2020-3564 CVE-2020-3561 CVE-2020-3555
CVE-2020-3554 CVE-2020-3529 CVE-2020-3528
CVE-2020-3458 CVE-2020-3436 CVE-2020-3373
CVE-2020-3304
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-QFcNEPfx
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ftpbypass-HY3UTxYu
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-frag-memleak-mCtqdP9n
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospflls-37Xy2q6r
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-sipdos-3DGvdjvg
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-tcp-dos-N3DMnU4T
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webdos-fBzM5Ynw
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-fileup-dos-zvC7wtys
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-crlf-inj-BX9uRwSn
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rule-bypass-P73ABNWQ
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbyp-KqP6NgrE
Comment: This bulletin contains thirteen (13) Cisco Systems security
advisories.
Revision History: June 29 2021: Vendor updated advisory “cisco-sa-asaftd-xss-multiple-FCB3vPZe” to indicate public exploit code available and being actively exploited
October 26 2020: vendor updated cisco-sa-fxos-sbbyp-KqP6NgrE
October 22 2020: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software Denial of Service Vulnerability
Priority: High
Advisory ID: cisco-sa-asaftd-dos-QFcNEPfx
First Published: 2020 October 21 16:00 GMT
Version 1.0: Final
Workarounds: Yes
Cisco Bug IDs: CSCvt35897
CVE-2020-3554
CWE-400
CVSS Score:
8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
Summary
o A vulnerability in the TCP packet processing of Cisco Adaptive Security
Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition on an affected device.
The vulnerability is due to a memory exhaustion condition. An attacker
could exploit this vulnerability by sending a high rate of crafted TCP
traffic through an affected device. A successful exploit could allow the
attacker to exhaust device resources, resulting in a DoS condition for
traffic transiting the affected device.
Cisco has released software updates that address this vulnerability. There
are workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-dos-QFcNEPfx
This advisory is part of the October 2020 Cisco ASA, FMC, and FTD Software
Security Advisory Bundled Publication, which includes 17 Cisco Security
Advisories that describe 17 vulnerabilities. For a complete list of the
advisories and links to them, see Cisco Event Response: October 2020 Cisco
ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Affected Products
o Vulnerable Products
This vulnerability affects vulnerable releases of Cisco ASA Software and
Cisco FTD Software.
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Indicators of Compromise
o A device may have been affected by exploitation of this vulnerability if the
show blocks command indicates a leak of 9344-byte memory blocks. The device
may stop passing traffic, or performance may degrade, because of this memory
leak. In the following example, the 9344-byte memory blocks have leaked to
the point where zero (0) blocks are available:
# show blocks
  SIZE    MAX    LOW    CNT
     0   1450   1448   1450
     4    100     99     99
    80   1000    950    984
   256   4148   3898   4040
  1550   6279   6184   6258
  2048    600    598    600
  2560    164    164    164
  4096    100    100    100
  8192    100    100    100
  9344  60000      0      0
 16384    102    102    102
 65536     16     16     16
Contact the Cisco Technical Assistance Center (TAC) if additional
assistance is required to determine whether the device has been impacted by
exploitation of this vulnerability.
Workarounds
o As a workaround, an administrator may implement the fragment reassembly
full [interface-name] command. There may be a performance impact when
implementing this command.
Fixed Software
o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
In the following table(s), the left column lists Cisco software releases.
The center column indicates whether a release is affected by the
vulnerability described in this advisory and the first release that
includes the fix for this vulnerability. The right column indicates whether
a release is affected by any of the vulnerabilities described in this
bundle and which release includes fixes for those vulnerabilities.
Cisco ASA Software
+---------------------+------------------------+----------------------------------+
| Cisco ASA Software  | First Fixed Release    | First Fixed Release for All      |
| Release             | for This Vulnerability | Vulnerabilities Described in the |
|                     |                        | Bundle of Advisories             |
+---------------------+------------------------+----------------------------------+
| Earlier than 9.6 ^1 | Not vulnerable.        | Migrate to a fixed release.      |
| 9.6 ^1              | Not vulnerable.        | 9.6.4.45                         |
| 9.7 ^1              | Not vulnerable.        | Migrate to a fixed release.      |
| 9.8                 | Not vulnerable.        | 9.8.4.29                         |
| 9.9                 | Not vulnerable.        | 9.9.2.80                         |
| 9.10                | Not vulnerable.        | 9.10.1.44                        |
| 9.12                | 9.12.4.3               | 9.12.4.4                         |
| 9.13                | 9.13.1.13              | 9.13.1.13                        |
| 9.14                | 9.14.1.10              | 9.14.1.30                        |
+---------------------+------------------------+----------------------------------+
1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.
Cisco FTD Software
+-----------------------+--------------------------+----------------------------------+
| Cisco FTD Software    | First Fixed Release      | First Fixed Release for All      |
| Release               | for This Vulnerability   | Vulnerabilities Described in the |
|                       |                          | Bundle of Advisories             |
+-----------------------+--------------------------+----------------------------------+
| Earlier than 6.2.2 ^1 | Not vulnerable.          | Migrate to a fixed release.      |
| 6.2.2                 | Not vulnerable.          | Migrate to a fixed release.      |
| 6.2.3                 | Not vulnerable.          | Migrate to a fixed release.      |
| 6.3.0                 | Not vulnerable.          | Migrate to a fixed release.      |
| 6.4.0                 | 6.4.0.10                 | Migrate to a fixed release.      |
| 6.5.0                 | 6.5.0.5 (future release) | Migrate to a fixed release.      |
| 6.6.0                 | 6.6.1                    | 6.6.1                            |
+-----------------------+--------------------------+----------------------------------+
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.
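Checking a running release against the Fixed Releases tables mechanically, as an added example that is not Cisco's tooling: the fixed-release data is transcribed from this advisory's ASA and FTD tables for CVE-2020-3554, while the train-matching rule and the handling of show version spellings such as 9.12(4)2 are assumptions made for the example.

```python
import re

# Fixed-release data transcribed from this advisory's tables for CVE-2020-3554
# (cisco-sa-asaftd-dos-QFcNEPfx). None means the table says "Not vulnerable."
# Releases older than the first key fall under the "Earlier than" row (also
# not vulnerable); trains newer than the last key are not in the tables.
ASA_FIRST_FIXED = {
    "9.6": None, "9.7": None, "9.8": None, "9.9": None, "9.10": None,
    "9.12": "9.12.4.3", "9.13": "9.13.1.13", "9.14": "9.14.1.10",
}
FTD_FIRST_FIXED = {
    "6.2.2": None, "6.2.3": None, "6.3.0": None,
    "6.4.0": "6.4.0.10", "6.5.0": "6.5.0.5", "6.6.0": "6.6.1",
}


def normalize_version(raw):
    """Turn the 'show version' spelling 9.12(4)2 into 9.12.4.2.
    Assumption: only numeric builds; lettered interim builds are rejected."""
    dotted = raw.strip().replace("(", ".").replace(")", ".").strip(".")
    if not re.fullmatch(r"\d+(\.\d+)*", dotted):
        raise ValueError(f"unsupported version string: {raw!r}")
    return dotted


def version_tuple(version):
    return tuple(int(part) for part in normalize_version(version).split("."))


def matching_train(version, table):
    """Pick the table row whose leading components match the version best.
    Assumed rule: at least the first two components must match; the longest
    match wins (6.2.3 over 6.2.2 for 6.2.3.x) and a row never exceeds the
    version it covers (so 6.6.1 falls under the 6.6.0 row, as the table does)."""
    parts = version_tuple(version)
    candidates = []
    for key in table:
        kparts = version_tuple(key)
        common = 0
        for a, b in zip(parts, kparts):
            if a != b:
                break
            common += 1
        if common >= 2 and kparts <= parts:
            candidates.append((common, kparts, key))
    return max(candidates)[2] if candidates else None


def assess(version, table):
    """Return 'not vulnerable', 'fixed', 'vulnerable; upgrade to X' or 'unknown ...'."""
    train = matching_train(version, table)
    if train is None:
        oldest = min(table, key=version_tuple)
        if version_tuple(version) < version_tuple(oldest):
            return "not vulnerable"  # the "Earlier than" row
        return "unknown (release not covered by the advisory tables)"
    first_fixed = table[train]
    if first_fixed is None:
        return "not vulnerable"
    if version_tuple(version) >= version_tuple(first_fixed):
        return "fixed"
    return f"vulnerable; upgrade to {first_fixed}"


def assess_asa(version):
    return assess(version, ASA_FIRST_FIXED)


def assess_ftd(version):
    return assess(version, FTD_FIRST_FIXED)


if __name__ == "__main__":
    for v in ("9.12(4)2", "9.12(4)3", "9.8(4)20", "9.5(3)"):
        print(f"ASA {v}: {assess_asa(v)}")
    for v in ("6.4.0.9", "6.6.0.1", "6.6.1", "6.7.0"):
        print(f"FTD {v}: {assess_ftd(v)}")
```

The same structure works for the other advisories in this bundle by swapping in their tables; the right-hand "all vulnerabilities" column is the one to use when planning a single upgrade.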
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found by Santosh Krishnamurthy of Cisco during
internal security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
Related to This Advisory
o Cisco Event Response: October 2020 Cisco ASA, FMC, and FTD Software
Security Advisory Bundled Publication
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-dos-QFcNEPfx
Revision History
o +---------+-------------------------+---------+--------+-------------+
  | Version | Description             | Section | Status | Date        |
  +---------+-------------------------+---------+--------+-------------+
  | 1.0     | Initial public release. | -       | Final  | 2020-OCT-21 |
  +---------+-------------------------+---------+--------+-------------+
- --------------------------------------------------------------------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software FTP Inspection Bypass Vulnerability
Priority: Medium
Advisory ID: cisco-sa-asaftd-ftpbypass-HY3UTxYu
First Published: 2020 October 21 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvt13445
CVE-2020-3564
CWE-284
CVSS Score:
5.8 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
Summary
o A vulnerability in the FTP inspection engine of Cisco Adaptive Security
Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
could allow an unauthenticated, remote attacker to bypass FTP inspection.
The vulnerability is due to ineffective flow tracking of FTP traffic. An
attacker could exploit this vulnerability by sending crafted FTP traffic
through an affected device. A successful exploit could allow the attacker
to bypass FTP inspection and successfully complete FTP connections.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-ftpbypass-HY3UTxYu
Affected Products
o Vulnerable Products
At the time of publication, this vulnerability affected devices if they
were running a vulnerable release of Cisco ASA Software or FTD Software and
had strict FTP inspection enabled.
For information about which Cisco software releases were vulnerable, see
the Fixed Software section of this advisory. See the Details section in the
bug ID(s) at the top of this advisory for the most complete and current
information.
Determine Whether FTP Inspection Is Enabled on an ASA
To determine whether FTP inspection is enabled on an ASA, use the show
running-config policy-map command and then the show running-config
service-policy command.
Use the show running-config policy-map command and check whether the
inspect ftp strict command is present in at least one policy map. In the
following output, the global_policy policy map includes the inspect ftp
strict command:
asa# show running-config policy-map
!
policy-map global_policy
 class inspection_default
  inspect ip-options
  inspect netbios
  inspect rtsp
  inspect sunrpc
  inspect tftp
  inspect xdmcp
  inspect dns preset_dns_map
  inspect ftp strict
  inspect h323 h225
Use the show running-config service-policy command and check whether the
policy map is applied, either globally or to a single interface. The
following output shows the global_policy policy map applied globally:
asa# show running-config service-policy
service-policy global_policy global
If the policy map that contains the inspect ftp strict command is applied
globally or to an interface, strict FTP inspection is enabled.
Determine Whether FTP Inspection Is Enabled on FTD
Configuring inspect ftp strict on FTD requires the use of FlexConfig. To
determine if inspect ftp strict is enabled on an FTD device, Secure Shell
(SSH) to the management interface of the device and use the process
previously outlined for the ASA.
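The two-step check above as a script, as an added example that is not Cisco's code; it serves both the ASA procedure and the FTD procedure, since the FTD check runs the same commands over SSH. The sample output is constructed to resemble the advisory's example, and the extra policy maps in it (preset_dns_map, outside_policy) are assumptions added to show that a map containing inspect ftp strict only counts once it is applied.

```python
import re

# Constructed sample output modelled on the advisory's example. Only
# global_policy carries "inspect ftp strict"; outside_policy and the DNS
# inspection map are assumptions that exercise the negative cases.
SAMPLE_POLICY_MAP = """\
asa# show running-config policy-map
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect ip-options
  inspect netbios
  inspect rtsp
  inspect sunrpc
  inspect tftp
  inspect xdmcp
  inspect dns preset_dns_map
  inspect ftp strict
  inspect h323 h225
policy-map outside_policy
 class outside_class
  inspect http
!
"""

SAMPLE_SERVICE_POLICY = """\
asa# show running-config service-policy
service-policy global_policy global
service-policy outside_policy interface outside
"""

# "policy-map NAME" or "policy-map type inspect PROTO NAME"; the name is the last token.
POLICY_MAP_RE = re.compile(r"policy-map\s+(?:type\s+inspect\s+\S+\s+)?(\S+)$")
# "service-policy NAME global" or "service-policy NAME interface IFNAME".
SERVICE_POLICY_RE = re.compile(r"service-policy\s+(\S+)\s+(?:(global)|interface\s+(\S+))")


def policy_maps_with_strict_ftp(policy_map_output):
    """Return the set of policy-map names that contain 'inspect ftp strict'."""
    found, current = set(), None
    for raw in policy_map_output.splitlines():
        line = raw.strip()
        header = POLICY_MAP_RE.match(line)
        if header:
            current = header.group(1)
        elif current and re.match(r"inspect\s+ftp\s+strict\b", line):
            found.add(current)
    return found


def applied_policies(service_policy_output):
    """Map each applied policy-map name to its attachment points:
    'global' or an interface name (a map may be attached more than once)."""
    applied = {}
    for raw in service_policy_output.splitlines():
        m = SERVICE_POLICY_RE.match(raw.strip())
        if m:
            applied.setdefault(m.group(1), []).append(m.group(2) or m.group(3))
    return applied


def strict_ftp_inspection_enabled(policy_map_output, service_policy_output):
    """Return the sorted attachment points where strict FTP inspection is
    active. An empty list means the vulnerable condition is absent, even if
    an unapplied policy map still contains 'inspect ftp strict'."""
    strict = policy_maps_with_strict_ftp(policy_map_output)
    applied = applied_policies(service_policy_output)
    return sorted(where for name in strict for where in applied.get(name, []))


if __name__ == "__main__":
    points = strict_ftp_inspection_enabled(SAMPLE_POLICY_MAP, SAMPLE_SERVICE_POLICY)
    if points:
        print("strict FTP inspection enabled at:", ", ".join(points))
    else:
        print("strict FTP inspection not enabled")
```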
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
At the time of publication, the release information in the following
table(s) was accurate. See the Details section in the bug ID(s) at the top of
this advisory for the most complete and current information.
The left column lists Cisco software releases, and the right column
indicates whether a release was affected by the vulnerability described in
this advisory and which release included the fix for this vulnerability.
Cisco ASA Software
+---------------------+-----------------------------+
| Cisco ASA Software  | First Fixed Release for     |
| Release             | This Vulnerability          |
+---------------------+-----------------------------+
| Earlier than 9.6 ^1 | Migrate to a fixed release. |
| 9.6 ^1              | Migrate to a fixed release. |
| 9.7 ^1              | Migrate to a fixed release. |
| 9.8                 | 9.8.4.26                    |
| 9.9                 | 9.9.2.80                    |
| 9.10                | 9.10.1.44                   |
| 9.12                | 9.12.4.2                    |
| 9.13                | 9.13.1.13                   |
| 9.14                | 9.14.1.19                   |
+---------------------+-----------------------------+
1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.
Cisco FTD Software
+-----------------------+-----------------------------+
| Cisco FTD Software    | First Fixed Release for     |
| Release               | This Vulnerability          |
+-----------------------+-----------------------------+
| Earlier than 6.2.2 ^1 | Migrate to a fixed release. |
| 6.2.2                 | Migrate to a fixed release. |
| 6.2.3                 | Migrate to a fixed release. |
| 6.3.0                 | 6.3.0.6 (future release)    |
| 6.4.0                 | 6.4.0.10                    |
| 6.5.0                 | 6.5.0.5 (future release)    |
| 6.6.0                 | 6.6.1                       |
+-----------------------+-----------------------------+
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during internal security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-ftpbypass-HY3UTxYu
Revision History
o +---------+-------------------------+---------+--------+-------------+
  | Version | Description             | Section | Status | Date        |
  +---------+-------------------------+---------+--------+-------------+
  | 1.0     | Initial public release. | -       | Final  | 2020-OCT-21 |
  +---------+-------------------------+---------+--------+-------------+
- --------------------------------------------------------------------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software IP Fragment Memory Leak Vulnerability
Priority: High
Advisory ID: cisco-sa-asaftd-frag-memleak-mCtqdP9n
First Published: 2020 October 21 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvu47925
CVE-2020-3373
CWE-400
Summary
o A vulnerability in the IP fragment-handling implementation of Cisco
Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat
Defense (FTD) Software could allow an unauthenticated, remote attacker to
cause a memory leak on an affected device. This memory leak could prevent
traffic from being processed through the device, resulting in a denial of
service (DoS) condition.
The vulnerability is due to improper error handling when specific failures
occur during IP fragment reassembly. An attacker could exploit this
vulnerability by sending crafted, fragmented IP traffic to a targeted
device. A successful exploit could allow the attacker to continuously
consume memory on the affected device and eventually impact traffic,
resulting in a DoS condition. The device could require a manual reboot to
recover from the DoS condition.
Note: This vulnerability applies to both IP Version 4 (IPv4) and IP Version
6 (IPv6) traffic.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-frag-memleak-mCtqdP9n
This advisory is part of the October 2020 Cisco ASA, FMC, and FTD Software
Security Advisory Bundled Publication, which includes 17 Cisco Security
Advisories that describe 17 vulnerabilities. For a complete list of the
advisories and links to them, see Cisco Event Response: October 2020 Cisco
ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Affected Products
o Vulnerable Products
This vulnerability affects Cisco products if they are running Cisco FTD
Software Release 6.6.0.1 or one of the following Cisco ASA Software
releases:
9.8.4.22
9.8.4.25
9.12.4.2
9.12.4.3
9.13.1.12
9.14.1.15
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Indicators of Compromise
o A device may have been compromised by this vulnerability if the show blocks
command indicates a leak of larger-size memory blocks (2,048 or above). If
there is a memory leak, the device could stop passing traffic or
performance could degrade. In the following example, the memory blocks of
size 9344 have leaked to the point where there are 0 blocks available:
# show blocks
  SIZE    MAX    LOW    CNT
     0   1450   1448   1450
     4    100     99     99
    80   1000    950    984
   256   4148   3898   4040
  1550   6279   6184   6258
  2048    600    598    600
  2560    164    164    164
  4096    100    100    100
  8192    100    100    100
  9344  60000      0      0
 16384    102    102    102
 65536     16     16     16
Contact the Cisco Technical Assistance Center (TAC) if additional
assistance is required to determine whether a device has been compromised
by exploitation of this vulnerability.
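Triage logic for the show blocks indicator, as an added example that is not Cisco's code, covering both this advisory and the cisco-sa-asaftd-dos-QFcNEPfx advisory earlier in this bulletin: it parses the command output and flags block pools of 2,048 bytes or larger whose free count or low-water mark has collapsed. The sample output is constructed from the example above, and the 10% depletion threshold is an assumption for the example, not Cisco guidance.

```python
from dataclasses import dataclass

# Constructed sample modelled on the advisory's example: the 9344-byte pool
# has both LOW and CNT at 0, so the device has no free blocks of that size.
SAMPLE_SHOW_BLOCKS = """\
# show blocks
  SIZE    MAX    LOW    CNT
     0   1450   1448   1450
     4    100     99     99
    80   1000    950    984
   256   4148   3898   4040
  1550   6279   6184   6258
  2048    600    598    600
  2560    164    164    164
  4096    100    100    100
  8192    100    100    100
  9344  60000      0      0
 16384    102    102    102
 65536     16     16     16
"""


@dataclass(frozen=True)
class BlockPool:
    size: int        # block size in bytes
    max_blocks: int  # MAX: number of blocks in the pool
    low: int         # LOW: lowest free count seen
    cnt: int         # CNT: free blocks right now


def parse_show_blocks(output):
    """Parse 'show blocks' output into BlockPool rows, skipping prompt and header."""
    pools = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) == 4 and all(f.isdigit() for f in fields):
            pools.append(BlockPool(*(int(f) for f in fields)))
    return pools


def find_leaked_pools(pools, min_size=2048, depletion_ratio=0.10):
    """Flag pools of at least min_size bytes whose free count (CNT) or
    low-water mark (LOW) is at or below depletion_ratio of MAX.
    Assumption: a healthy pool stays close to MAX; a leaking one drifts
    toward 0, as in the advisory's 9344-byte example."""
    flagged = []
    for pool in pools:
        if pool.size < min_size or pool.max_blocks == 0:
            continue
        floor = pool.max_blocks * depletion_ratio
        if pool.cnt <= floor or pool.low <= floor:
            flagged.append(pool)
    return flagged


def leak_report(output):
    """Return one human-readable finding per suspicious pool (empty if none)."""
    findings = []
    for pool in find_leaked_pools(parse_show_blocks(output)):
        findings.append(
            f"{pool.size}-byte blocks: {pool.cnt}/{pool.max_blocks} free "
            f"(low-water mark {pool.low}); possible leak, engage Cisco TAC"
        )
    return findings


if __name__ == "__main__":
    for finding in leak_report(SAMPLE_SHOW_BLOCKS) or ["no depleted block pools"]:
        print(finding)
```

Collecting the output a second time after a few minutes and diffing the reports is the quickest way to tell a steady leak from a pool that is merely sized small.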
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
In the following table(s), the left column lists Cisco software releases.
The center column indicates whether a release is affected by the
vulnerability described in this advisory and the first release that
includes the fix for this vulnerability. The right column indicates whether
a release is affected by any of the vulnerabilities described in this
bundle and which release includes fixes for those vulnerabilities.
Cisco ASA Software
+---------------------+------------------------------+----------------------------------+
| Cisco ASA Software  | First Fixed Release for      | First Fixed Release for All      |
| Release             | This Vulnerability           | Vulnerabilities Described in the |
|                     |                              | Bundle of Advisories             |
+---------------------+------------------------------+----------------------------------+
| Earlier than 9.6 ^1 | Not vulnerable.              | Migrate to a fixed release.      |
| 9.6 ^1              | Not vulnerable.              | 9.6.4.45                         |
| 9.7 ^1              | Not vulnerable.              | Migrate to a fixed release.      |
| 9.8                 | 9.8.4.26 (only 9.8.4.22      | 9.8.4.29                         |
|                     | and 9.8.4.25 are vulnerable) |                                  |
| 9.9                 | Not vulnerable.              | 9.9.2.80                         |
| 9.10                | Not vulnerable.              | 9.10.1.44                        |
| 9.12                | 9.12.4.4 (only 9.12.4.2      | 9.12.4.4                         |
|                     | and 9.12.4.3 are vulnerable) |                                  |
| 9.13                | 9.13.1.13 (only 9.13.1.12    | 9.13.1.13                        |
|                     | is vulnerable)               |                                  |
| 9.14                | 9.14.1.19 (only 9.14.1.15    | 9.14.1.30                        |
|                     | is vulnerable)               |                                  |
+---------------------+------------------------------+----------------------------------+
1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.
Cisco FTD Software
+-----------------------+--------------------------+----------------------------------+
| Cisco FTD Software    | First Fixed Release      | First Fixed Release for All      |
| Release               | for This Vulnerability   | Vulnerabilities Described in the |
|                       |                          | Bundle of Advisories             |
+-----------------------+--------------------------+----------------------------------+
| Earlier than 6.2.2 ^1 | Not vulnerable.          | Migrate to a fixed release.      |
| 6.2.2                 | Not vulnerable.          | Migrate to a fixed release.      |
| 6.2.3                 | Not vulnerable.          | Migrate to a fixed release.      |
| 6.3.0                 | Not vulnerable.          | Migrate to a fixed release.      |
| 6.4.0                 | Not vulnerable.          | Migrate to a fixed release.      |
| 6.5.0                 | Not vulnerable.          | Migrate to a fixed release.      |
| 6.6.0                 | 6.6.1                    | 6.6.1                            |
+-----------------------+--------------------------+----------------------------------+
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found by Santosh Krishnamurthy of Cisco during
internal security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-frag-memleak-mCtqdP9n
Revision History
o +---------+-------------------------+---------+--------+-------------+
  | Version | Description             | Section | Status | Date        |
  +---------+-------------------------+---------+--------+-------------+
  | 1.0     | Initial public release. | -       | Final  | 2020-OCT-21 |
  +---------+-------------------------+---------+--------+-------------+
- --------------------------------------------------------------------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software OSPFv2 Link-Local Signaling Denial of Service Vulnerability
Priority: High
Advisory ID: cisco-sa-asaftd-ospflls-37Xy2q6r
First Published: 2020 October 21 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvt83121
CVE-2020-3528
CWE-400
Summary
o A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco
Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat
Defense (FTD) Software could allow an unauthenticated, remote attacker to
cause an affected device to reload, resulting in a denial of service (DoS)
condition.
The vulnerability is due to incomplete input validation when the affected
software processes certain OSPFv2 packets with Link-Local Signaling (LLS)
data. An attacker could exploit this vulnerability by sending a malformed
OSPFv2 packet to an affected device. A successful exploit could allow the
attacker to cause an affected device to reload, resulting in a DoS
condition.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-ospflls-37Xy2q6r
This advisory is part of the October 2020 Cisco ASA, FMC, and FTD Software
Security Advisory Bundled Publication, which includes 17 Cisco Security
Advisories that describe 17 vulnerabilities. For a complete list of the
advisories and links to them, see Cisco Event Response: October 2020 Cisco
ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Affected Products
o Vulnerable Products
This vulnerability affects Cisco products if they are running a vulnerable
release of Cisco ASA Software or FTD Software and are configured to support
OSPF routing.
Note: Devices that are configured for OSPF Version 3 (OSPFv3) only are not
affected by this vulnerability.
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
Determine Whether OSPF Routing Is Configured on a Cisco ASA Device
To determine whether OSPF routing is configured on a Cisco ASA device, use
the show ospf neighbor privileged mode command. If no output is returned,
OSPF routing is not configured. In the following example, the device is
configured for OSPF routing:
asa# show ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
6.1.1.1           1   FULL/DR         0:00:39     10.1.1.2        outside
.
.
.
Determine Whether OSPF Routing Is Configured on a Cisco FTD Device
To determine whether OSPF routing is configured on a Cisco FTD device, do
one of the following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), choose Devices > Device Management , choose a specific device,
and then choose Routing > OSPF . If either Process 1 or Process 2 has a
check mark, OSPF is enabled on the device.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), choose Device > Advanced Configuration > View Configuration >
Smart CLI > Routing . If there is an object with the type of OSPF ,
then OSPF is enabled on the device.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
In the following table(s), the left column lists Cisco software releases.
The center column indicates whether a release is affected by the
vulnerability described in this advisory and the first release that
includes the fix for this vulnerability. The right column indicates whether
a release is affected by any of the vulnerabilities described in this
bundle and which release includes fixes for those vulnerabilities.
Cisco ASA Software
Cisco ASA Software Release | First Fixed Release for This Vulnerability | First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories
Earlier than 9.6 ^1        | Migrate to a fixed release.                | Migrate to a fixed release.
9.6 ^1                     | 9.6.4.45                                   | 9.6.4.45
9.7 ^1                     | Migrate to a fixed release.                | Migrate to a fixed release.
9.8                        | 9.8.4.22                                   | 9.8.4.29
9.9                        | 9.9.2.80                                   | 9.9.2.80
9.10                       | 9.10.1.44                                  | 9.10.1.44
9.12                       | 9.12.4.2                                   | 9.12.4.4
9.13                       | 9.13.1.12                                  | 9.13.1.13
9.14                       | 9.14.1.15                                  | 9.14.1.30
1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.
Cisco FTD Software
Cisco FTD Software Release | First Fixed Release for This Vulnerability | First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories
Earlier than 6.2.2 ^1      | Migrate to a fixed release.                | Migrate to a fixed release.
6.2.2                      | Migrate to a fixed release.                | Migrate to a fixed release.
6.2.3                      | Migrate to a fixed release.                | Migrate to a fixed release.
6.3.0                      | 6.3.0.6 (future release)                   | Migrate to a fixed release.
6.4.0                      | 6.4.0.10                                   | Migrate to a fixed release.
6.5.0                      | 6.5.0.5 (future release)                   | Migrate to a fixed release.
6.6.0                      | 6.6.1                                      | 6.6.1
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found by Santosh Krishnamurthy of Cisco during
internal security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-ospflls-37Xy2q6r
Revision History
o +---------+-------------------------+---------+--------+-------------+
  | Version | Description             | Section | Status | Date        |
  +---------+-------------------------+---------+--------+-------------+
  | 1.0     | Initial public release. | -       | Final  | 2020-OCT-21 |
  +---------+-------------------------+---------+--------+-------------+
- --------------------------------------------------------------------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software SIP Denial of Service Vulnerability
Priority: Medium
Advisory ID: cisco-sa-asaftd-sipdos-3DGvdjvg
First Published: 2020 October 21 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvu15801
CVE-2020-3555
CWE-404
Summary
o A vulnerability in the SIP inspection process of Cisco Adaptive Security
Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
could allow an unauthenticated, remote attacker to cause a crash and reload
of an affected device, resulting in a denial of service (DoS) condition.
The vulnerability is due to a watchdog timeout and crash during the cleanup
of threads that are associated with a SIP connection that is being deleted
from the connection list. An attacker could exploit this vulnerability by
sending a high rate of crafted SIP traffic through an affected device. A
successful exploit could allow the attacker to cause a watchdog timeout and
crash, resulting in a crash and reload of the affected device.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-sipdos-3DGvdjvg
Affected Products
o Vulnerable Products
At the time of publication, this vulnerability affected Cisco products if
they were running a vulnerable release of Cisco ASA Software or FTD
Software and were configured to perform inspection of SIP traffic.
For information about which Cisco software releases were vulnerable at the
time of publication, see the Fixed Software section of this advisory. See
the Details section in the bug ID(s) at the top of this advisory for the
most complete and current information.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
At the time of publication, the release information in the following table
(s) was accurate. See the Details section in the bug ID(s) at the top of
this advisory for the most complete and current information.
The left column lists Cisco software releases, and the right column
indicates whether a release was affected by the vulnerability described in
this advisory and which release included the fix for this vulnerability.
Cisco ASA Software
Cisco ASA Software Release First Fixed Release for This Vulnerability
Earlier than 9.6 ^1 Migrate to a fixed release.
9.6 ^1 9.6.4.43
9.7 ^1 Migrate to a fixed release.
9.8 9.8.4.26
9.9 9.9.2.80
9.10 9.10.1.43
9.12 9.12.4.2
9.13 9.13.1.13
9.14 9.14.1.19
1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.
Cisco FTD Software
Cisco FTD Software Release First Fixed Release for This Vulnerability
Earlier than 6.2.2 ^1 Migrate to a fixed release.
6.2.2 Migrate to a fixed release.
6.2.3 Migrate to a fixed release.
6.3.0 6.3.0.6 (future release)
6.4.0 6.4.0.10
6.5.0 6.5.0.5 (future release)
6.6.0 6.6.1
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during the resolution of a Cisco TAC support
case.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-sipdos-3DGvdjvg
Revision History
o +---------+-------------------------+---------+--------+-------------+
  | Version | Description             | Section | Status | Date        |
  +---------+-------------------------+---------+--------+-------------+
  | 1.0     | Initial public release. | -       | Final  | 2020-OCT-21 |
  +---------+-------------------------+---------+--------+-------------+
- --------------------------------------------------------------------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software SSL VPN Direct Memory Access Denial of Service Vulnerability
Priority: High
Advisory ID: cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx
First Published: 2020 October 21 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvu59817
CVE-2020-3529
CWE-400
Summary
o A vulnerability in the SSL VPN negotiation process for Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software could allow an unauthenticated, remote attacker to cause a reload
of an affected device, resulting in a denial of service (DoS) condition.
The vulnerability is due to inefficient direct memory access (DMA) memory
management during the negotiation phase of an SSL VPN connection. An
attacker could exploit this vulnerability by sending a steady stream of
crafted Datagram TLS (DTLS) traffic to an affected device. A successful
exploit could allow the attacker to exhaust DMA memory on the device and
cause a DoS condition.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx
This advisory is part of the October 2020 Cisco ASA, FMC, and FTD Software
Security Advisory Bundled Publication, which includes 17 Cisco Security
Advisories that describe 17 vulnerabilities. For a complete list of the
advisories and links to them, see Cisco Event Response: October 2020 Cisco
ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Affected Products
o Vulnerable Products
This vulnerability affects Cisco products if they are running a vulnerable
release of Cisco ASA Software or FTD Software and have Clientless SSL VPN
or AnyConnect SSL VPN configured.
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
Determine Whether an SSL VPN Is Configured
To determine whether Clientless SSL VPN or AnyConnect SSL VPN is enabled on
a device, use the show running-config webvpn command. The following example
shows the output of the command for a device that has Clientless SSL VPN or
AnyConnect SSL VPN enabled:
cisco# show running-config webvpn
webvpn
.
.
.
enable
.
.
.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Indicators of Compromise
o Exploitation of this vulnerability could cause an affected device to run
low on DMA memory. To check whether Free memory is decreasing without
increasing, use the show memory detail | begin MEMPOOL_DMA command and
monitor the output, which is shown in the following example:
device(config)# show memory detail | begin MEMPOOL_DMA
MEMPOOL_DMA POOL STATS:
Non-mmapped bytes allocated = 222298112
Number of free chunks = 162
Number of mmapped regions = 0
Mmapped bytes allocated = 0
Max memory footprint = 222298112
Keepcost = 3264
Max contiguous free mem = 3264
Allocated memory in use = 222259824
Free memory = 38288
If the value of the Free memory counter decreases quickly for a sustained
period of time, administrators are advised to contact the Cisco Technical
Assistance Center (TAC) for further investigation.
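As an added example (not Cisco's or AusCERT's code), the following Python turns the monitoring advice above into a check: it parses successive snapshots of the show memory detail | begin MEMPOOL_DMA output and raises an alert only when the Free memory counter keeps falling across several samples without recovering. The snapshot series, the sampling window and the drop threshold are constructed assumptions for the example.

```python
import re
from typing import Dict, List

# Added example, not part of the Cisco advisory or the AusCERT bulletin.
# Parses successive snapshots of "show memory detail | begin MEMPOOL_DMA"
# and flags a "Free memory" counter that keeps falling, the indicator the
# advisory describes. The sample snapshots below are constructed.

STAT_RE = re.compile(r"^\s*(?P<name>[A-Za-z][A-Za-z \-]*?)\s*=\s*(?P<value>-?\d+)\s*$")
POOL_HEADER = "MEMPOOL_DMA POOL STATS"


def parse_dma_pool_stats(output: str) -> Dict[str, int]:
    """Return the MEMPOOL_DMA counters from one command snapshot.

    Reading starts after the "MEMPOOL_DMA POOL STATS:" header and stops at
    the first non-counter line, so a snapshot that also contains the device
    prompt or further pools is handled.
    """
    stats: Dict[str, int] = {}
    in_block = False
    for line in output.splitlines():
        if POOL_HEADER in line:
            in_block = True
            continue
        if not in_block:
            continue
        m = STAT_RE.match(line)
        if m is None:
            if stats:
                break          # end of the MEMPOOL_DMA block
            continue
        stats[m.group("name").strip()] = int(m.group("value"))
    if "Free memory" not in stats:
        raise ValueError("no 'Free memory' counter found under MEMPOOL_DMA")
    return stats


def sustained_free_memory_drop(snapshots: List[str], min_intervals: int = 3,
                               min_drop_fraction: float = 0.25) -> Dict[str, object]:
    """Evaluate snapshots taken at regular intervals, oldest first.

    'alert' is set when the last `min_intervals` deltas are all negative
    (Free memory never recovers between samples) and the total drop over
    that span is at least `min_drop_fraction` of the starting value.
    Both thresholds are assumptions; tune them to the device's normal behaviour.
    """
    free = [parse_dma_pool_stats(s)["Free memory"] for s in snapshots]
    if len(free) <= min_intervals:
        return {"free_memory": free, "deltas": [], "drop_fraction": 0.0,
                "alert": False, "reason": "not enough samples"}
    recent = free[-(min_intervals + 1):]
    deltas = [later - earlier for earlier, later in zip(recent, recent[1:])]
    never_recovers = all(d < 0 for d in deltas)
    drop_fraction = (recent[0] - recent[-1]) / recent[0] if recent[0] else 0.0
    alert = never_recovers and drop_fraction >= min_drop_fraction
    return {"free_memory": free, "deltas": deltas,
            "drop_fraction": round(drop_fraction, 3), "alert": alert,
            "reason": "sustained drop" if alert else "no sustained drop"}


def make_snapshot(free_memory: int, allocated: int = 222259824) -> str:
    """Build a constructed snapshot in the format shown in the advisory."""
    total = allocated + free_memory
    return (
        "device(config)# show memory detail | begin MEMPOOL_DMA\n"
        "MEMPOOL_DMA POOL STATS:\n"
        f"Non-mmapped bytes allocated = {total}\n"
        "Number of free chunks = 162\n"
        "Number of mmapped regions = 0\n"
        "Mmapped bytes allocated = 0\n"
        f"Max memory footprint = {total}\n"
        "Keepcost = 3264\n"
        "Max contiguous free mem = 3264\n"
        f"Allocated memory in use = {allocated}\n"
        f"Free memory = {free_memory}\n"
    )


# Constructed series: one drains steadily, the other fluctuates normally.
LEAK_SNAPSHOTS = [make_snapshot(v) for v in (12_000_000, 9_000_000, 6_000_000, 3_000_000)]
HEALTHY_SNAPSHOTS = [make_snapshot(v) for v in (12_000_000, 11_500_000, 12_200_000, 11_800_000)]

if __name__ == "__main__":
    for label, series in (("leak", LEAK_SNAPSHOTS), ("healthy", HEALTHY_SNAPSHOTS)):
        print(label, sustained_free_memory_drop(series))
```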
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
In the following table(s), the left column lists Cisco software releases.
The center column indicates whether a release is affected by the
vulnerability described in this advisory and the first release that
includes the fix for this vulnerability. The right column indicates whether
a release is affected by any of the vulnerabilities described in this
bundle and which release includes fixes for those vulnerabilities.
Cisco ASA Software
Cisco ASA Software Release | First Fixed Release for This Vulnerability | First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories
Earlier than 9.6 ^1        | Migrate to a fixed release.                | Migrate to a fixed release.
9.6 ^1                     | 9.6.4.45                                   | 9.6.4.45
9.7 ^1                     | Migrate to a fixed release.                | Migrate to a fixed release.
9.8                        | 9.8.4.29                                   | 9.8.4.29
9.9                        | 9.9.2.80                                   | 9.9.2.80
9.10                       | 9.10.1.44                                  | 9.10.1.44
9.12                       | 9.12.4.4                                   | 9.12.4.4
9.13                       | 9.13.1.13                                  | 9.13.1.13
9.14                       | 9.14.1.30                                  | 9.14.1.30
1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.
Cisco FTD Software
Cisco FTD Software Release | First Fixed Release for This Vulnerability | First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories
Earlier than 6.2.2 ^1      | Migrate to a fixed release.                | Migrate to a fixed release.
6.2.2                      | Migrate to a fixed release.                | Migrate to a fixed release.
6.2.3                      | Migrate to a fixed release.                | Migrate to a fixed release.
6.3.0                      | 6.3.0.6 (future release)                   | Migrate to a fixed release.
6.4.0                      | 6.4.0.10                                   | Migrate to a fixed release.
6.5.0                      | 6.5.0.5 (future release)                   | Migrate to a fixed release.
6.6.0                      | 6.6.1                                      | 6.6.1
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during the resolution of a Cisco TAC support
case.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx
Revision History
o +---------+-------------------------+---------+--------+-------------+
  | Version | Description             | Section | Status | Date        |
  +---------+-------------------------+---------+--------+-------------+
  | 1.0     | Initial public release. | -       | Final  | 2020-OCT-21 |
  +---------+-------------------------+---------+--------+-------------+
- --------------------------------------------------------------------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software SSL/TLS Session Denial of Service Vulnerability
Priority: High
Advisory ID: cisco-sa-asa-ftd-tcp-dos-N3DMnU4T
First Published: 2020 October 21 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvu46685
CVE-2020-3572
CWE-400
Summary
o A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security
Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition on an affected device.
The vulnerability is due to a memory leak when closing SSL/TLS connections
in a specific state. An attacker could exploit this vulnerability by
establishing several SSL/TLS sessions and ensuring they are closed under
certain conditions. A successful exploit could allow the attacker to
exhaust memory resources in the affected device, which would prevent it
from processing new SSL/TLS connections, resulting in a DoS. Manual
intervention is required to recover an affected device.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asa-ftd-tcp-dos-N3DMnU4T
This advisory is part of the October 2020 Cisco ASA, FMC, and FTD Software
Security Advisory Bundled Publication, which includes 17 Cisco Security
Advisories that describe 17 vulnerabilities. For a complete list of the
advisories and links to them, see Cisco Event Response: October 2020 Cisco
ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Affected Products
o Vulnerable Products
This vulnerability affects Cisco devices if they are running a vulnerable
release of Cisco ASA Software or Cisco FTD Software and have a feature
enabled that causes the device to process SSL/TLS messages. These features
include, but are not limited to, the following:
AnyConnect SSL VPN
Clientless SSL VPN
HTTP server used for the management interface
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
Determine Whether a Device Could Process SSL or TLS Messages
To verify whether a device that is running Cisco ASA Software or Cisco FTD
Software could process SSL or TLS packets, use the show asp table socket |
include SSL|DTLS command and verify that it returns output. When this
command returns any output, the device is vulnerable. When this command
returns empty output, the device is not affected by the vulnerability
described in this advisory. The following example shows the output of the
show asp table socket | include SSL|DTLS command from a device that is
vulnerable:
device# show asp table socket | include SSL|DTLS
SSL 0005aa68 LISTEN x.x.x.x:443 0.0.0.0:*
SSL 002d9e38 LISTEN x.x.x.x:8443 0.0.0.0:*
DTLS 0018f7a8 LISTEN 10.0.0.250:443 0.0.0.0:*
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
Cisco ASA Software
In the following table(s), the left column lists Cisco software releases.
The center column indicates whether a release is affected by the
vulnerability described in this advisory and the first release that
includes the fix for this vulnerability. The right column indicates whether
a release is affected by any of the vulnerabilities described in this
bundle and which release includes fixes for those vulnerabilities.
Cisco ASA Software Release | First Fixed Release for This Vulnerability | First Fixed Release for All the Vulnerabilities Described in the Bundle of Advisories
Earlier than 9.6 ^1        | Migrate to a fixed release.                | Migrate to a fixed release.
9.6 ^1                     | 9.6.4.45                                   | 9.6.4.45
9.7 ^1                     | Migrate to a fixed release.                | Migrate to a fixed release.
9.8                        | 9.8.4.26                                   | 9.8.4.29
9.9                        | 9.9.2.80                                   | 9.9.2.80
9.10                       | 9.10.1.44                                  | 9.10.1.44
9.12                       | 9.12.4.4                                   | 9.12.4.4
9.13                       | 9.13.1.13                                  | 9.13.1.13
9.14                       | 9.14.1.1                                   | 9.14.1.30
1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.
Cisco FTD Software
Cisco FTD Software Release | First Fixed Release for This Vulnerability | First Fixed Release for All the Vulnerabilities Described in the Bundle of Advisories
Earlier than 6.2.2 ^1      | Migrate to a fixed release.                | Migrate to a fixed release.
6.2.2                      | Migrate to a fixed release.                | Migrate to a fixed release.
6.2.3                      | Migrate to a fixed release.                | Migrate to a fixed release.
6.3.0                      | 6.3.0.6 (future release)                   | Migrate to a fixed release.
6.4.0                      | 6.4.0.10                                   | Migrate to a fixed release.
6.5.0                      | 6.5.0.5 (future release)                   | Migrate to a fixed release.
6.6.0                      | 6.6.1                                      | 6.6.1
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found by Azita Parsamanesh of Cisco during internal
security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asa-ftd-tcp-dos-N3DMnU4T
Revision History
o +---------+-------------------------+---------+--------+-------------+
  | Version | Description             | Section | Status | Date        |
  +---------+-------------------------+---------+--------+-------------+
  | 1.0     | Initial public release. | -       | Final  | 2020-OCT-21 |
  +---------+-------------------------+---------+--------+-------------+
- --------------------------------------------------------------------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software Web Services Denial of Service Vulnerability
Priority: High
Advisory ID: cisco-sa-asaftd-webdos-fBzM5Ynw
First Published: 2020 October 21 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvs10748, CSCvt70322
CVE-2020-3304
CWE-400
CVSS Score:
8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
Summary
o A vulnerability in the web interface of Cisco Adaptive Security Appliance
(ASA) Software and Firepower Threat Defense (FTD) Software could allow an
unauthenticated, remote attacker to cause an affected device to reload
unexpectedly, resulting in a denial of service (DoS) condition.
The vulnerability is due to a lack of proper input validation of HTTP
requests. An attacker could exploit this vulnerability by sending a crafted
HTTP request to an affected device. An exploit could allow the attacker to
cause a DoS condition.
Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6
(IPv6) HTTP traffic.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-webdos-fBzM5Ynw
This advisory is part of the October 2020 Cisco ASA, FMC, and FTD Software
Security Advisory Bundled Publication, which includes 17 Cisco Security
Advisories that describe 17 vulnerabilities. For a complete list of the
advisories and links to them, see Cisco Event Response: October 2020 Cisco
ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Affected Products
o Vulnerable Products
This vulnerability affects Cisco products if they are running a vulnerable
release of Cisco ASA Software or FTD Software with a vulnerable HTTP
configuration.
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
Cisco ASA Software
In the following table, the left column lists the vulnerable Cisco ASA
Software feature(s). The right column indicates the basic configuration
from the show running-config CLI command. If the device is running a
vulnerable software release and is configured for a vulnerable feature, it
is affected by this vulnerability.
Cisco ASA Software Feature              | Vulnerable Configuration
Adaptive Security Device Manager (ASDM) ^1 | http server enable
                                        | http
Cisco Security Manager ^1               | http server enable
                                        | http
REST API ^2                             | rest-api image disk0:/
                                        | rest-api agent
1. ASDM and Cisco Security Manager are vulnerable from an IP address in the
configured http command range only.
2. The REST API is first supported in Cisco ASA Software Release 9.3.2.
Cisco FTD Software
In the following table, the left column lists the vulnerable Cisco FTD
Software feature(s). The right column indicates the basic configuration
from the show running-config CLI command. If the device is running a
vulnerable software release and is configured for a vulnerable feature, it
is affected by this vulnerability.
Cisco FTD Software Feature | Vulnerable Configuration
HTTP Service enabled ^1    | http server enable
                           | http
1. The HTTP feature is enabled through Firepower Threat Defense Platform
Settings > HTTP in Cisco Firepower Management Center (FMC).
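As an added example (not Cisco's or AusCERT's code), the following Python applies the two checks this advisory gives for Cisco ASA Software: it scans show running-config text for the vulnerable HTTP configuration lines in the table above, and compares the running release with the first fixed releases listed in this advisory's Cisco ASA Software fixed-release table. The http <address> <mask> <interface> form of the access line, the hostname, address range and image filename in the sample configuration are assumptions constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Added example, not Cisco's or AusCERT's code. It applies the two checks this
# advisory gives for Cisco ASA Software: does "show running-config" contain a
# vulnerable HTTP configuration from the table, and is the running release
# older than the first fixed release for its train.

# First fixed release for this vulnerability, copied from the advisory's
# Cisco ASA Software fixed-release table. None means no fixed release for
# that train (9.7 and earlier have reached end of software maintenance).
ASA_FIRST_FIXED: Dict[Tuple[int, int], Optional[str]] = {
    (9, 6): "9.6.4.45",
    (9, 7): None,
    (9, 8): "9.8.4.22",
    (9, 9): "9.9.2.80",
    (9, 10): "9.10.1.44",
    (9, 12): "9.12.3.12",
    (9, 13): "9.13.1.12",
    (9, 14): "9.14.1.10",
}

# Configuration lines that together enable each vulnerable feature. The
# "http <address> <mask> <interface>" form of the access line is an
# assumption about how the table's bare "http" row appears in a real config.
VULNERABLE_FEATURES: Dict[str, List[str]] = {
    "ASDM / Cisco Security Manager": [
        r"^http server enable\b",
        r"^http (?!server\b)\S+ \S+ \S+",
    ],
    "REST API": [
        r"^rest-api image \S+",
        r"^rest-api agent\b",
    ],
}


def parse_release(release: str) -> Tuple[int, ...]:
    """Turn '9.8.4.22' or the 'show version' form '9.8(4)22' into a tuple."""
    parts = tuple(int(p) for p in re.findall(r"\d+", release))
    if len(parts) < 2:
        raise ValueError(f"unrecognised release string: {release!r}")
    return parts


def release_status(release: str) -> str:
    """Classify an ASA release as 'fixed', 'vulnerable', 'migrate' or 'unknown'."""
    parts = parse_release(release)
    train = parts[:2]
    if train < (9, 6):
        return "migrate"                 # the "Earlier than 9.6" row
    if train not in ASA_FIRST_FIXED:
        return "unknown"                 # train not in the table: check the advisory
    first_fixed = ASA_FIRST_FIXED[train]
    if first_fixed is None:
        return "migrate"
    return "fixed" if parts >= parse_release(first_fixed) else "vulnerable"


def exposed_features(running_config: str) -> List[str]:
    """Return the vulnerable features whose configuration lines are all present."""
    lines = [line.strip() for line in running_config.splitlines()]
    return [
        feature
        for feature, patterns in VULNERABLE_FEATURES.items()
        if all(any(re.match(p, line) for line in lines) for p in patterns)
    ]


def assess(release: str, running_config: str) -> Dict[str, object]:
    """Affected only if a vulnerable feature is configured and the release is
    not at or past the first fixed release (unknown trains need a manual check)."""
    status = release_status(release)
    features = exposed_features(running_config)
    return {
        "release_status": status,
        "exposed_features": features,
        "affected": status in ("vulnerable", "migrate") and bool(features),
    }


# Constructed running-config excerpt (hostname, address range and image
# filename are made up for the example).
SAMPLE_CONFIG = """\
hostname asa-example
http server enable
http 192.0.2.0 255.255.255.0 management
rest-api image disk0:/asa-restapi-image.SPA
rest-api agent
"""

if __name__ == "__main__":
    print(assess("9.8(4)20", SAMPLE_CONFIG))
```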
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
In the following table(s), the left column lists Cisco software releases.
The center column indicates whether a release is affected by the
vulnerability described in this advisory and the first release that
includes the fix for this vulnerability. The right column indicates whether
a release is affected by any of the vulnerabilities described in this
bundle and which release includes fixes for those vulnerabilities.
Cisco ASA Software
Cisco ASA Software Release   First Fixed Release for        First Fixed Release for All
                             This Vulnerability             Vulnerabilities Described in
                                                            the Bundle of Advisories
---------------------------  -----------------------------  -----------------------------
Earlier than 9.6 ^1          Migrate to a fixed release.    Migrate to a fixed release.
9.6 ^1                       9.6.4.45                       9.6.4.45
9.7 ^1                       Migrate to a fixed release.    Migrate to a fixed release.
9.8                          9.8.4.22                       9.8.4.29
9.9                          9.9.2.80                       9.9.2.80
9.10                         9.10.1.44                      9.10.1.44
9.12                         9.12.3.12                      9.12.4.4
9.13                         9.13.1.12                      9.13.1.13
9.14                         9.14.1.10                      9.14.1.30
1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.
Cisco FTD Software
Cisco FTD Software Release   First Fixed Release for        First Fixed Release for All
                             This Vulnerability             Vulnerabilities Described in
                                                            the Bundle of Advisories
---------------------------  -----------------------------  -----------------------------
Earlier than 6.2.2 ^1        Migrate to a fixed release.    Migrate to a fixed release.
6.2.2                        Migrate to a fixed release.    Migrate to a fixed release.
6.2.3                        Migrate to a fixed release.    Migrate to a fixed release.
6.3.0                        6.3.0.6 (future release)       Migrate to a fixed release.
6.4.0                        6.4.0.10                       Migrate to a fixed release.
6.5.0                        6.5.0.5 (future release)       Migrate to a fixed release.
6.6.0                        6.6.1                          6.6.1
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during the resolution of a Cisco TAC support
case.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webdos-fBzM5Ynw
Revision History
o +---------+-------------------------+---------+--------+-------------+
  | Version | Description             | Section | Status | Date        |
  +---------+-------------------------+---------+--------+-------------+
  | 1.0     | Initial public release. | -       | Final  | 2020-OCT-21 |
  +---------+-------------------------+---------+--------+-------------+
- ------------------------------------------------------------------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software Web Services File Upload Denial of Service Vulnerability
Priority: High
Advisory ID: cisco-sa-asaftd-fileup-dos-zvC7wtys
First Published: 2020 October 21 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvt60190
CVE-2020-3436
CWE-434
CVSS Score:
8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
Summary
o A vulnerability in the web services interface of Cisco Adaptive Security
Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could
allow an unauthenticated, remote attacker to upload arbitrary-sized files
to specific folders on an affected device, which could lead to an
unexpected device reload.
The vulnerability exists because the affected software does not efficiently
handle the writing of large files to specific folders on the local file
system. An attacker could exploit this vulnerability by uploading files to
those specific folders. A successful exploit could allow the attacker to
write a file that triggers a watchdog timeout, which would cause the device
to unexpectedly reload, causing a denial of service (DoS) condition.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-fileup-dos-zvC7wtys
This advisory is part of the October 2020 Cisco ASA, FMC, and FTD Software
Security Advisory Bundled Publication, which includes 17 Cisco Security
Advisories that describe 17 vulnerabilities. For a complete list of the
advisories and links to them, see Cisco Event Response: October 2020 Cisco
ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Affected Products
o Vulnerable Products
This vulnerability affects Cisco products if they are running a vulnerable
release of Cisco ASA Software or Cisco FTD Software with a vulnerable
AnyConnect or WebVPN configuration.
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
ASA Software
In the following table, the left column lists the Cisco ASA features that
are vulnerable. The right column indicates the basic configuration for the
feature from the show running-config CLI command. If the device is
configured for one of these features, it is vulnerable.
Cisco ASA Feature                              Vulnerable Configuration
---------------------------------------------  ----------------------------------------
AnyConnect IKEv2 Remote Access (with client    crypto ikev2 enable client-services port
services)
AnyConnect SSL VPN                             webvpn
                                                 enable
Clientless SSL VPN                             webvpn
                                                 enable
FTD Software
In the following table, the left column lists the Cisco FTD features that
are vulnerable. The right column indicates the basic configuration for the
feature from the show running-config CLI command. If the device is
configured for one of these features, it is vulnerable.
On devices running Cisco FTD Software, the show running-config command is
available from Diagnostic CLI mode only. To enter Diagnostic CLI mode, use
the system support diagnostic-cli command in the regular Firepower Threat
Defense CLI.
Cisco FTD Feature                              Vulnerable Configuration
---------------------------------------------  ----------------------------------------
AnyConnect IKEv2 Remote Access (with client    crypto ikev2 enable client-services port
services) ^1,2
AnyConnect SSL VPN ^1,2                        webvpn
                                                 enable
1. Remote Access VPN features are enabled through Devices > VPN > Remote
Access in the Cisco Firepower Management Center (FMC) or through Device >
Remote Access VPN in Cisco Firepower Device Manager (FDM).
2. Remote Access VPN features were first supported as of Cisco FTD Software
Release 6.2.2.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories and Alerts page, to determine exposure and a
complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
In the following table(s), the left column lists Cisco software releases.
The center column indicates whether a release is affected by the
vulnerability described in this advisory and the first release that
includes the fix for this vulnerability. The right column indicates whether
a release is affected by any of the vulnerabilities described in this
bundle and which release includes fixes for those vulnerabilities.
Cisco ASA Software
Cisco ASA Software Release   First Fixed Release for        First Fixed Release for All
                             This Vulnerability             Vulnerabilities Described in
                                                            the Bundle of Advisories
---------------------------  -----------------------------  -----------------------------
Earlier than 9.6 ^1          Migrate to a fixed release.    Migrate to a fixed release.
9.6 ^1                       9.6.4.45                       9.6.4.45
9.7 ^1                       Migrate to a fixed release.    Migrate to a fixed release.
9.8                          9.8.4.25                       9.8.4.29
9.9                          9.9.2.80                       9.9.2.80
9.10                         9.10.1.44                      9.10.1.44
9.12                         9.12.4.2                       9.12.4.4
9.13                         9.13.1.12                      9.13.1.13
9.14                         9.14.1.15                      9.14.1.30
1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.
Cisco FTD Software
Cisco FTD Software Release   First Fixed Release for        First Fixed Release for All
                             This Vulnerability             Vulnerabilities Described in
                                                            the Bundle of Advisories
---------------------------  -----------------------------  -----------------------------
Earlier than 6.2.2 ^1        Migrate to a fixed release.    Migrate to a fixed release.
6.2.2                        Migrate to a fixed release.    Migrate to a fixed release.
6.2.3                        Migrate to a fixed release.    Migrate to a fixed release.
6.3.0                        6.3.0.6 (future release)       Migrate to a fixed release.
6.4.0                        6.4.0.10                       Migrate to a fixed release.
6.5.0                        6.5.0.5 (future release)       Migrate to a fixed release.
6.6.0                        6.6.1                          6.6.1
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found by Ilkin Gasimov of Cisco during internal
security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-fileup-dos-zvC7wtys
Revision History
o +---------+-------------------------+---------+--------+-------------+
  | Version | Description             | Section | Status | Date        |
  +---------+-------------------------+---------+--------+-------------+
  | 1.0     | Initial public release. | -       | Final  | 2020-OCT-21 |
  +---------+-------------------------+---------+--------+-------------+
- ------------------------------------------------------------------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software Web Services Interface Cross-Site Scripting Vulnerabilities
Priority: Medium
Advisory ID: cisco-sa-asaftd-xss-multiple-FCB3vPZe
First Published: 2020 October 21 16:00 GMT
Last Updated: 2021 June 28 15:14 GMT
Version 3.1: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvu44910 CSCvu75581 CSCvu83309 CSCvv13835 CSCvw53796
CVE Names: CVE-2020-3580 CVE-2020-3581 CVE-2020-3582 CVE-2020-3583
CWEs: CWE-79
Summary
o Update June 28, 2021: Cisco has become aware that public exploit code
exists for CVE-2020-3580, and this vulnerability is being actively
exploited.
Multiple vulnerabilities in the web services interface of Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software could allow an unauthenticated, remote attacker to conduct
cross-site scripting (XSS) attacks against a user of the web services
interface of an affected device.
The vulnerabilities are due to insufficient validation of user-supplied
input by the web services interface of an affected device. An attacker
could exploit these vulnerabilities by persuading a user of the interface
to click a crafted link. A successful exploit could allow the attacker to
execute arbitrary script code in the context of the interface or allow the
attacker to access sensitive, browser-based information.
Note: These vulnerabilities affect only specific AnyConnect and WebVPN
configurations. For more information, see the Vulnerable Products section.
Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe
Affected Products
o Vulnerable Products
At the time of publication, these vulnerabilities affected Cisco products
if they were running a vulnerable release of Cisco ASA Software or FTD
Software with a vulnerable AnyConnect or WebVPN configuration.
For information about which Cisco software releases were vulnerable at the
time of publication, see the Fixed Software section of this advisory. See
the Details section in the bug ID(s) at the top of this advisory for the
most complete and current information.
Cisco ASA Software
In the following table, the left column lists the Cisco ASA Software
features that were vulnerable at the time of publication. The right column
indicates the basic configuration for each feature from the show
running-config CLI command. If a device is running a vulnerable release and
is configured for one of these features, it is affected by these
vulnerabilities.
Cisco ASA Software Feature                     Vulnerable Configuration
---------------------------------------------  ----------------------------------------
AnyConnect Internet Key Exchange Version 2     crypto ikev2 enable client-services port
(IKEv2) Remote Access (with client services)
AnyConnect SSL VPN                             webvpn
                                                 enable
Clientless SSL VPN                             webvpn
                                                 enable
Cisco FTD Software
In the following table, the left column lists the Cisco FTD Software
features that were vulnerable at the time of publication. The right column
indicates the basic configuration for each feature from the show
running-config CLI command. If a device is running a vulnerable release and
is configured for one of these features, it is affected by these
vulnerabilities.
Cisco FTD Software Feature                     Vulnerable Configuration
---------------------------------------------  ----------------------------------------
AnyConnect Internet Key Exchange Version 2     crypto ikev2 enable client-services port
(IKEv2) Remote Access (with client services)
^1,2
AnyConnect SSL VPN ^1,2                        webvpn
                                                 enable
1. Remote Access VPN features are first supported in Cisco FTD Software
Release 6.2.2.
2. Remote Access VPN features are enabled by using Devices > VPN > Remote
Access in Cisco Firepower Management Center (FMC) or by using Device >
Remote Access VPN in Cisco Firepower Device Manager (FDM).
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by these vulnerabilities.
Cisco has confirmed that these vulnerabilities do not affect Cisco
Firepower Management Center (FMC) Software.
Workarounds
o There are no workarounds that address these vulnerabilities.
Fixed Software
o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
At the time of publication, the release information in the following
table(s) was accurate. See the Details section in the bug ID(s) at the top
of this advisory for the most complete and current information.
The left column lists Cisco software releases, and the right column
indicates whether a release was affected by the vulnerabilities described
in this advisory and which release included the fix for these
vulnerabilities.
Note: It was found that the fix for CVE-2020-3581 was incomplete and is now
fixed and tracked by CSCvw53796. The First Fixed Release for These
Vulnerabilities column has been updated to account for the complete fix.
Cisco ASA Software
Cisco ASA Software Release   First Fixed Release for These Vulnerabilities
---------------------------  ---------------------------------------------
Earlier than 9.6 ^1          Migrate to a fixed release.
9.6 ^1                       Migrate to a fixed release.
9.7 ^1                       Migrate to a fixed release.
9.8                          9.8.4.34
9.9                          9.9.2.85
9.10 ^1                      Migrate to a fixed release.
9.12                         9.12.4.13
9.13                         9.13.1.21
9.14                         9.14.2.8
9.15                         9.15.1.15
1. Cisco ASA Software releases 9.7 and earlier, as well as Release 9.10,
have reached end of software maintenance. Customers are advised to migrate
to a supported release that includes the fix for these vulnerabilities.
Cisco FTD Software
Cisco FTD Software Release   First Fixed Release for These Vulnerabilities
---------------------------  ---------------------------------------------
Earlier than 6.2.2 ^1        Migrate to a fixed release.
6.2.2                        Migrate to a fixed release.
6.2.3                        Migrate to a fixed release.
6.3.0                        Migrate to a fixed release.
6.4.0                        6.4.0.12 (May 2021)
6.5.0                        Migrate to a fixed release.
6.6.0                        6.6.4 ^2
6.7.0                        6.7.0.2
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for these vulnerabilities.
2. The First Fixed Release for the 6.6.0 code train was 6.6.3; however, due
to upgrade issues associated with CSCvx86231 the recommended release is
6.6.4.
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is aware that
public exploit code exists for CVE-2020-3580, and this vulnerability is
being actively exploited.
Source
o Cisco would like to thank the following security researchers:
Abdulrahman Nour and Ahmed Aboul-Ela of RedForce, Mikhail Klyuchnikov
and Nikita Abramov of Positive Technologies, and Phil Purviance for
independently reporting CVE-2020-3580
Maxim Suslov and Phil Purviance for independently reporting
CVE-2020-3581
Phil Purviance for reporting CVE-2020-3582
Maxim Suslov and Phil Purviance for independently reporting
CVE-2020-3583
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
Related to This Advisory
o Cross-Site Scripting
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe
Revision History
o +---------+------------------------+---------------+--------+-------------+
  | Version | Description            | Section       | Status | Date        |
  +---------+------------------------+---------------+--------+-------------+
  |         | Indicated that public  | Summary,      |        |             |
  |         | exploit code is        | Exploitation  |        |             |
  | 3.1     | available and active   | and Public    | Final  | 2021-JUN-28 |
  |         | exploitation is        | Announcements |        |             |
  |         | occurring.             |               |        |             |
  +---------+------------------------+---------------+--------+-------------+
  |         | Updated the fixed      |               |        |             |
  |         | release information    | Summary,      |        |             |
  |         | for CVE-2020-3581,     | Fixed         |        |             |
  | 3.0     | which is tracked by    | Software,     | Final  | 2021-APR-28 |
  |         | Cisco Bug ID           | Exploitation  |        |             |
  |         | CSCvw53796. These CVEs | and Public    |        |             |
  |         | have previously been   | Announcements |        |             |
  |         | disclosed.             |               |        |             |
  +---------+------------------------+---------------+--------+-------------+
  |         | Updated the Summary    |               |        |             |
  |         | section to provide     |               |        |             |
  |         | information on a new   |               |        |             |
  |         | vulnerability          |               |        |             |
  | 2.0     | affecting fixed        | Summary       | Final  | 2020-OCT-22 |
  |         | release                |               |        |             |
  |         | recommendations for    |               |        |             |
  |         | code trains 9.13 and   |               |        |             |
  |         | 9.14.                  |               |        |             |
  +---------+------------------------+---------------+--------+-------------+
  |         | Added a security       |               |        |             |
  | 1.1     | researcher for         | Source        | Final  | 2020-OCT-22 |
  |         | CVE-2020-3580.         |               |        |             |
  +---------+------------------------+---------------+--------+-------------+
  | 1.0     | Initial public         | -             | Final  | 2020-OCT-21 |
  |         | release.               |               |        |             |
  +---------+------------------------+---------------+--------+-------------+
- ------------------------------------------------------------------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software WebVPN CRLF Injection Vulnerability
Priority: Medium
Advisory ID: cisco-sa-asa-ftd-crlf-inj-BX9uRwSn
First Published: 2020 October 21 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvt18028
CVE-2020-3561
CWE-93
CVSS Score:
4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
Summary
o A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software could allow an unauthenticated, remote attacker to inject
arbitrary HTTP headers in the responses of the affected system.
The vulnerability is due to improper input sanitization. An attacker could
exploit this vulnerability by persuading a user of the interface to click a
crafted link. A successful exploit could allow the attacker to conduct a
CRLF injection attack, adding arbitrary HTTP headers in the responses of
the system and redirecting the user to arbitrary websites.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-crlf-inj-BX9uRwSn
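The advisory attributes the flaw to improper input sanitization (CWE-93): a request-controlled value reaches a response header without being checked for the CR/LF bytes that end a header field. As an added illustration, not code from Cisco or from the affected software, the following Python shows the check a web service should apply before copying such a value into a header, and the allow-list check that also closes the "redirecting the user to arbitrary websites" outcome the summary describes. The names (safe_header_value, build_redirect, vpn.example.com) and sample targets are constructed for this example.

```python
"""Fail-closed header construction for a redirect (CWE-93 hardening).

Added example, not Cisco's code. Call the checks on the decoded value the
server is about to emit, not on the still-percent-encoded request parameter.
"""
import re
from urllib.parse import urlsplit

# Header field values must not contain CR, LF or other ASCII control bytes.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Constructed allow-list of hosts a redirect may point at.
ALLOWED_HOSTS = frozenset({"vpn.example.com"})


class HeaderInjectionError(ValueError):
    """Raised when a value would break out of its header field or redirect elsewhere."""


def safe_header_value(value: str) -> str:
    """Return value unchanged if it is safe inside a header, otherwise raise."""
    if not value.isascii() or _CONTROL_CHARS.search(value):
        raise HeaderInjectionError("control or non-ASCII character in header value")
    return value


def safe_redirect_target(target: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Validate a Location target: no control bytes, and only allow-listed hosts.

    The control-character check runs before urlsplit on purpose: urlsplit
    silently strips tab and newline characters, which would hide them.
    Relative paths pass; absolute URLs must be https to an allowed host.
    """
    target = safe_header_value(target)
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        if parts.scheme != "https" or parts.hostname not in allowed_hosts:
            raise HeaderInjectionError("redirect target is not an allow-listed host")
    return target


def build_redirect(target: str) -> bytes:
    """Serialize a minimal 302 response; unsafe input raises instead of being emitted."""
    location = safe_redirect_target(target)
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("ascii")


def is_safe(target: str) -> bool:
    """Convenience wrapper: True if build_redirect would accept the target."""
    try:
        build_redirect(target)
        return True
    except HeaderInjectionError:
        return False


if __name__ == "__main__":
    for candidate in ("/portal/index.html", "https://vpn.example.com/portal",
                      "/portal\r\nX-Injected: 1", "//other.example/"):
        print(repr(candidate), "->", "accepted" if is_safe(candidate) else "rejected")
```

Rejecting rather than stripping is deliberate: a value that contained CR/LF was never a legitimate path, so dropping the request is cheaper and leaves a clearer audit trail than trying to repair it.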
Affected Products
o Vulnerable Products
At the time of publication, this vulnerability affected Cisco products
running Cisco ASA Software or FTD Software when configured for
AnyConnect/WebVPN and the Load Balancing service was enabled.
For information about which Cisco ASA Software and FTD Software releases
were vulnerable, see the Fixed Software section of this advisory. See the
Details section in the bug ID(s) at the top of this advisory for the most
complete and current information.
Determine If WebVPN Is Enabled
To determine if the WebVPN service is enabled on a device, use the show
running-config webvpn privileged EXEC command and refer to the output of
the command. The following example shows the output of the command for a
device that has the WebVPN service enabled:
ciscoasa# show running-config webvpn
.
.
.
webvpn
enable interface_name
.
.
.
To view AnyConnect-related configuration, use the show webvpn anyconnect
command.
Determine If Load Balancing Is Enabled
To determine if the Load Balancing service is enabled on a device, see
Viewing VPN Load Balancing Information.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
At the time of publication, the release information in the following
table(s) was accurate. See the Details section in the bug ID(s) at the top
of this advisory for the most complete and current information.
The left column lists Cisco software releases, and the right column
indicates whether a release was affected by the vulnerability described in
this advisory and which release included the fix for this vulnerability.
Cisco ASA Software
Cisco ASA Software Release   First Fixed Release for This Vulnerability
---------------------------  ------------------------------------------
Earlier than 9.6 ^1          Migrate to a fixed release.
9.6 ^1                       9.6.4.35
9.7 ^1                       9.8.4.20
9.8                          9.8.4.20
9.9                          9.9.2.80
9.10                         9.10.1.43
9.12                         9.12.3.9
9.13                         9.13.1.10
9.14                         9.14.1.10
1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.
Cisco FTD Software
Cisco FTD Software Release   First Fixed Release for This Vulnerability
---------------------------  ------------------------------------------
Earlier than 6.3.0 ^1        Migrate to a fixed release.
6.3.0                        6.3.0.6 (future release)
6.4.0                        6.4.0.10
6.5.0                        6.5.0.5 (future release)
6.6.0                        6.6.1
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.
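Every advisory in this bundle ends with a First Fixed Release table of the shape above, and the same question is asked of each one: is the release a device actually runs at or above the first fixed release for its train, is the train out of maintenance, or was the fix still a future release? As an added example, not Cisco's code, the following Python answers that for one device against one table. The two dictionaries transcribe this advisory's Cisco ASA and Cisco FTD tables; the MIGRATE marker covers rows that read "Migrate to a fixed release." for a still-listed train, as in the XSS advisory's table (Release 9.10), and FUTURE covers "(future release)" rows. The running releases in the usage call are constructed. The same function applies to the other advisories' tables once they are transcribed the same way.

```python
"""Compare a running Cisco ASA/FTD release with a First Fixed Release table.

Added example, not Cisco's code. Tables transcribe the Fixed Releases section
of advisory cisco-sa-asa-ftd-crlf-inj-BX9uRwSn; running releases are constructed.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

MIGRATE = "migrate"   # row reads "Migrate to a fixed release." for a listed train
FUTURE = None         # row reads "(future release)": fix not shipped at publication

# Cisco ASA Software table: key = release train, value = first fixed release.
# The 9.7 row points into the 9.8 train, so 9.7 devices have to change trains.
ASA_CRLF_FIRST_FIXED: Dict[str, Optional[str]] = {
    "9.6": "9.6.4.35",
    "9.7": "9.8.4.20",
    "9.8": "9.8.4.20",
    "9.9": "9.9.2.80",
    "9.10": "9.10.1.43",
    "9.12": "9.12.3.9",
    "9.13": "9.13.1.10",
    "9.14": "9.14.1.10",
}
ASA_OLDEST_LISTED = "9.6"   # the "Earlier than 9.6" row says migrate

# Cisco FTD Software table. The advisory writes trains as 6.3.0, 6.4.0, ...;
# they are keyed by major.minor here so that 6.6.1 is matched to the 6.6 train.
FTD_CRLF_FIRST_FIXED: Dict[str, Optional[str]] = {
    "6.3": FUTURE,        # 6.3.0.6 (future release)
    "6.4": "6.4.0.10",
    "6.5": FUTURE,        # 6.5.0.5 (future release)
    "6.6": "6.6.1",
}
FTD_OLDEST_LISTED = "6.3"   # the "Earlier than 6.3.0" row says migrate


def parse_version(text: str) -> Version:
    """Accept dotted form (9.8.4.20) or the ASA 'show version' form (9.8(4)20)."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def assess(running: str, table: Dict[str, Optional[str]],
           oldest_listed: str) -> Tuple[str, Optional[str]]:
    """Return (status, first_fixed) for one running release.

    status: fixed | vulnerable | pending (fix was a future release) |
            migrate (train out of maintenance) | unknown (train not in table)
    """
    ver = parse_version(running)
    train = ver[:2]
    if train < parse_version(oldest_listed):
        return ("migrate", None)          # "Earlier than ..." row
    key = ".".join(str(part) for part in train)
    if key not in table:
        return ("unknown", None)          # e.g. a train newer than the table
    fixed = table[key]
    if fixed is FUTURE:
        return ("pending", None)
    if fixed == MIGRATE:
        return ("migrate", None)
    # Tuple comparison: 9.8.4 (no interim) sorts below 9.8.4.20, as it should.
    if ver >= parse_version(fixed):
        return ("fixed", fixed)
    return ("vulnerable", fixed)


if __name__ == "__main__":
    # Constructed running releases, one per interesting case.
    for release in ("9.8(4)25", "9.8.4.12", "9.7.1.24", "9.4.4", "9.15.1"):
        print("ASA", release, assess(release, ASA_CRLF_FIRST_FIXED, ASA_OLDEST_LISTED))
    for release in ("6.4.0.9", "6.3.0.5", "6.2.3.16", "6.6.1"):
        print("FTD", release, assess(release, FTD_CRLF_FIRST_FIXED, FTD_OLDEST_LISTED))
```

A "pending" or "unknown" result is a prompt to read the bug ID details rather than a verdict; the advisory itself says the bug IDs carry the most current release information.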
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during the resolution of a Cisco TAC support
case.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-crlf-inj-BX9uRwSn
Revision History
o +---------+-------------------------+---------+--------+-------------+
  | Version | Description             | Section | Status | Date        |
  +---------+-------------------------+---------+--------+-------------+
  | 1.0     | Initial public release. | -       | Final  | 2020-OCT-21 |
  +---------+-------------------------+---------+--------+-------------+
- ------------------------------------------------------------------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software WebVPN Portal Access Rule Bypass Vulnerability
Priority: Medium
Advisory ID: cisco-sa-asaftd-rule-bypass-P73ABNWQ
First Published: 2020 October 21 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvu75615
CVE-2020-3578
CWE-863
Summary
o A vulnerability in the web services interface of Cisco Adaptive Security
Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
could allow an unauthenticated, remote attacker to bypass a configured
access rule and access parts of the WebVPN portal that are supposed to be
blocked.
The vulnerability is due to insufficient validation of URLs when portal
access rules are configured. An attacker could exploit this vulnerability
by accessing certain URLs on the affected device.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rule-bypass-P73ABNWQ
Affected Products
o Vulnerable Products
At the time of publication, this vulnerability affected Cisco products if
they were running a vulnerable release of Cisco ASA Software or FTD
Software with a vulnerable AnyConnect or WebVPN configuration and had a
portal access rule configured.
For information about which Cisco software releases were vulnerable, see
the Fixed Software section of this advisory. See the Details section in the
bug ID(s) at the top of this advisory for the most complete and current
information.
Determine Whether a Portal Access Rule Is Configured
To verify whether a portal access rule is configured, use the show
running-config webvpn | include portal-access-rule command. If that command
returns output, the device is vulnerable. Empty output indicates that the
device is not vulnerable.
Determine Whether a Vulnerable AnyConnect or WebVPN Configuration Is
Present
Cisco ASA Software
In the following table, the left column lists the Cisco ASA Software
features that are vulnerable. The right column indicates the basic
configuration for the feature from the show running-config CLI command. If
the device is running a vulnerable release and is configured for one of
these features, it is vulnerable.
Cisco ASA Software Feature                     Vulnerable Configuration
---------------------------------------------  ----------------------------------------
AnyConnect IKEv2 Remote Access (with client    crypto ikev2 enable client-services port
services)
AnyConnect SSL VPN                             webvpn
                                                 enable
Clientless SSL VPN                             webvpn
                                                 enable
Cisco FTD Software
In the following table, the left column lists the Cisco FTD Software
features that are vulnerable. The right column indicates the basic
configuration for the feature from the show running-config CLI command. If
the device is running a vulnerable release and is configured for one of
these features, it is vulnerable.
Cisco FTD Software Feature                                    Vulnerable Configuration
AnyConnect IKEv2 Remote Access (with client services) ^1,2    crypto ikev2 enable client-services port
AnyConnect SSL VPN ^1,2                                       webvpn
                                                                enable
1. Remote Access VPN features are enabled by using Devices > VPN > Remote
Access in Cisco Firepower Management Center (FMC) or by using Device >
Remote Access VPN in Cisco Firepower Device Manager (FDM).
2. Remote Access VPN features are first supported in Cisco FTD Software
Release 6.2.2.
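The two manual checks above (a portal access rule present under webvpn, plus one of the vulnerable AnyConnect/WebVPN feature configurations) can be applied offline to a saved running-config. The following is an added example written for this bulletin, not Cisco tooling; the sample configs, interface names and client-services port are constructed, and only the command prefixes the advisory names are matched.

```python
import re
from dataclasses import dataclass

# Constructed sample configs (not from the advisory). Interface names and the
# client-services port are assumptions; only the command prefixes matter here.
VULNERABLE_CONFIG = """\
crypto ikev2 enable outside client-services port 443
webvpn
 enable outside
 portal-access-rule 1 deny code 403 user-agent match "*ExampleAgent*"
 anyconnect enable
"""
RULE_BUT_NO_VPN = """\
webvpn
 portal-access-rule 1 deny code 403 user-agent match "*ExampleAgent*"
"""

@dataclass
class Exposure:
    portal_access_rule: bool      # what 'show run webvpn | include portal-access-rule' finds
    webvpn_enabled: bool          # AnyConnect SSL VPN or Clientless SSL VPN
    ikev2_client_services: bool   # AnyConnect IKEv2 Remote Access with client services

    @property
    def configured_vulnerable(self) -> bool:
        # Both advisory conditions must hold: a portal access rule plus a vulnerable feature.
        return self.portal_access_rule and (self.webvpn_enabled or self.ikev2_client_services)

def parse_sections(config: str) -> dict:
    """Group indented sub-commands under their top-level command, ASA-style."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0] in " \t":          # sub-command of the current top-level command
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections

def assess(config: str) -> Exposure:
    """Apply the advisory's configuration checks to saved running-config text."""
    sections = parse_sections(config)
    webvpn = sections.get("webvpn", [])
    return Exposure(
        portal_access_rule=any(s.startswith("portal-access-rule") for s in webvpn),
        webvpn_enabled=any(re.match(r"enable(\s|$)", s) for s in webvpn),
        ikev2_client_services=any(
            re.match(r"crypto ikev2 enable \S+ client-services", top) for top in sections
        ),
    )
```

A configured-vulnerable result still has to be combined with the release check from the Fixed Software section; a webvpn block nested under group-policy attributes is indented and therefore not mistaken for the top-level webvpn section.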
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
At the time of publication, the release information in the following
table(s) was accurate. See the Details section in the bug ID(s) at the top of
this advisory for the most complete and current information.
The left column lists Cisco software releases, and the right column
indicates whether a release was affected by the vulnerability described in
this advisory and which release included the fix for this vulnerability.
Cisco ASA Software
Cisco ASA Software Release   First Fixed Release for This Vulnerability
Earlier than 9.6 ^1          Migrate to a fixed release.
9.6 ^1                       9.6.4.45
9.7 ^1                       Migrate to a fixed release.
9.8                          9.8.4.26
9.9                          9.9.2.80
9.10                         9.10.1.44
9.12                         9.12.4.4
9.13                         9.13.1.13
9.14                         9.14.1.19
1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.
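Comparing a running release against the ASA table above is easy to get wrong by hand because the table is keyed by train and some trains carry a "migrate" answer rather than a version. The following is an added example for this bulletin, not Cisco tooling; the table values are copied from the advisory, the 9.12(4)2 style of the show version output is an assumption, and the sample output is constructed.

```python
import re

# First fixed ASA release per train, copied from the advisory's Fixed Releases
# table. None means the advisory says "Migrate to a fixed release."
ASA_FIRST_FIXED = {
    "9.6": "9.6.4.45", "9.7": None, "9.8": "9.8.4.26", "9.9": "9.9.2.80",
    "9.10": "9.10.1.44", "9.12": "9.12.4.4", "9.13": "9.13.1.13", "9.14": "9.14.1.19",
}
# Assumed 'show version' format, e.g. "Software Version 9.12(4)2"; constructed sample.
SHOW_VERSION_SAMPLE = "Cisco Adaptive Security Appliance Software Version 9.12(4)2\n"
_VERSION_RE = re.compile(r"Software Version (\d+)\.(\d+)\((\d+)\)(\d*)")

def normalize_release(show_version: str) -> str:
    """Turn the 9.12(4)2 form into the dotted 9.12.4.2 form used in the table."""
    m = _VERSION_RE.search(show_version)
    if not m:
        raise ValueError("no ASA software version found")
    major, minor, maint, interim = m.groups()
    return ".".join([major, minor, maint, interim or "0"])

def _as_tuple(release: str) -> tuple:
    return tuple(int(p) for p in release.split("."))

def assess_asa_release(release: str) -> str:
    """Classify a dotted ASA release against the advisory table.

    Returns 'fixed', 'vulnerable', 'migrate' (end of software maintenance)
    or 'unknown' (train not in the table; check the bug ID details).
    """
    parts = _as_tuple(release)
    train = f"{parts[0]}.{parts[1]}"
    if parts[:2] < (9, 6):
        return "migrate"                      # "Earlier than 9.6"
    if train not in ASA_FIRST_FIXED:
        return "unknown"
    first_fixed = ASA_FIRST_FIXED[train]
    if first_fixed is None:
        return "migrate"
    return "fixed" if parts >= _as_tuple(first_fixed) else "vulnerable"
```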
Cisco FTD Software
Cisco FTD Software Release First Fixed Release for This Vulnerability
Earlier than 6.2.2 ^1 Migrate to a fixed release.
6.2.2 Migrate to a fixed release.
6.2.3 Migrate to a fixed release.
6.3.0 6.3.0.6 (future release)
6.4.0 6.4.0.10
6.5.0 6.5.0.5 (future release)
6.6.0 6.6.1
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during the resolution of a Cisco TAC support
case.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rule-bypass-P73ABNWQ
Revision History
o +———-+—————————+———-+——–+————–+
| Version | Description | Section | Status | Date |
+———-+—————————+———-+——–+————–+
| 1.0 | Initial public release. | – | Final | 2020-OCT-21 |
+———-+—————————+———-+——–+————–+
– ——————————————————————————–
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software for Firepower 1000/2100 Series Appliances Secure Boot Bypass
Vulnerabilities
Priority: High
Advisory ID: cisco-sa-fxos-sbbyp-KqP6NgrE
First Published: 2020 October 21 16:00 GMT
Last Updated: 2020 October 23 13:31 GMT
Version 1.1: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvt31177 CSCvt31178
CVE-2020-3458
CWE-693
CVSS Score:
6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Summary
o Update from October 23, 2020: Cisco has become aware of a new Cisco
Adaptive Security Appliance vulnerability that could affect the fixed
releases recommended for code trains 9.13 and 9.14 in the Fixed Software
section of this advisory. See the Cisco Adaptive Security Appliance
Software SSL/TLS Denial of Service Vulnerability for additional
information.
Multiple vulnerabilities in the secure boot process of Cisco Adaptive
Security Appliance (ASA) Software and Firepower Threat Defense (FTD)
Software for the Firepower 1000 Series and Firepower 2100 Series Appliances
could allow an authenticated, local attacker to bypass the secure boot
mechanism.
The vulnerabilities are due to insufficient protections of the secure boot
process. An attacker could exploit these vulnerabilities by injecting code
into specific files that are then referenced during the device boot
process. A successful exploit could allow the attacker to break the chain
of trust and inject code into the boot process of the device, which would
be executed at each boot and maintain persistence across reboots.
Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbyp-KqP6NgrE
Affected Products
o Vulnerable Products
These vulnerabilities affect Cisco ASA Software and FTD Software when
running on the following products:
Firepower 1000 Series Appliances
Firepower 2100 Series Appliances
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
For the Firepower 4100 Series Appliances and Firepower 9300 Series
Appliances running FXOS, see the following advisory:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbp-XTuPkYTn
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by these vulnerabilities.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Workarounds
o There are no workarounds that address these vulnerabilities.
Fixed Software
o Cisco has released free software updates that address the vulnerabilities
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
In the following table(s), the left column lists Cisco software releases
and the right column indicates whether a release is affected by the
vulnerabilities described in this advisory and the first release that
includes the fix for these vulnerabilities.
ASA Software for Firepower 1000 Series and Firepower 2100 Series
Cisco ASA Software Release First Fixed Release for these Vulnerabilities
9.8 9.8.4.26
9.9 9.9.2.80
9.10 9.10.1.43
9.12 9.12.4.3
9.13 9.13.1.13
9.14 9.14.1.15
Note: Firepower 1000 Series Appliances were first supported in ASA
Software Release 9.13 and Firepower 2100 Series Appliances were first
supported in ASA Software Release 9.8.
FTD Software for Firepower 1000 Series and Firepower 2100 Series
Cisco FTD Software Release First Fixed Release for these Vulnerabilities
Earlier than 6.2.2 ^1 Migrate to a fixed release.
6.2.2 Migrate to a fixed release.
6.2.3 Migrate to a fixed release.
6.3.0 6.3.0.6 (future release)
6.4.0 6.4.0.10
6.5.0 6.5.0.5 (future release)
6.6.0 6.6.1
Note: Firepower 1000 Series Appliances were first supported on FTD
Software Release 6.4.0 and Firepower 2100 Series appliances were first
supported on FTD Software Release 6.2.1.
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for these vulnerabilities.
To upgrade to a fixed release of Cisco FTD Software, do one of the
following:
For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerabilities that are
described in this advisory.
Source
o These vulnerabilities were found during internal security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbyp-KqP6NgrE
Revision History
o +———+——————————+———+——–+————-+
| Version | Description | Section | Status | Date |
+———+——————————+———+——–+————-+
| | Updated the Summary section | | | |
| | to provide information on a | | | |
| 1.1 | new vulnerability affecting | Summary | Final | 2020-OCT-23 |
| | fixed release | | | |
| | recommendations for code | | | |
| | trains 9.13 and 9.14. | | | |
+———+——————————+———+——–+————-+
| 1.0 | Initial public release. | – | Final | 2020-OCT-21 |
+———+——————————+———+——–+————-+
– ————————–END INCLUDED TEXT——————–
You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
—–END PGP SIGNATURE—–