Justyn  Ortiz

Justyn Ortiz

1603472400

Cisco Warns of Severe DoS Flaws in Network Security Software

Cisco has stomped out a slew of high-severity vulnerabilities across its lineup of network-security products. The most severe flaws can be exploited by an unauthenticated, remote attacker to launch a passel of malicious attacks — from denial of service (DoS) to cross-site request forgery (CSRF).

The vulnerabilities exist in Cisco’s Firepower Threat Defense (FTD) software, which is part of its suite of network-security and traffic-management products; and its Adaptive Security Appliance (ASA) software, the operating system for its family of ASA corporate network-security devices.

“The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory,” according to Cisco in an update released on Wednesday.

The most severe of these flaws includes a vulnerability in Cisco Firepower Chassis Manager (FCM), which exists in the Firepower Extensible Operating System (FXOS) and provides management capabilities.

The flaw (CVE-2020-3456) ranks 8.8 out of 10 on the CVSS scale, and stems from insufficient CSRF protections in the FCM interface. It could be exploited to enable CSRF — which means that when attackers are authenticated on the server, they also have control over the client.

“An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link,” according to Cisco. “A successful exploit could allow the attacker to send arbitrary requests that could take unauthorized actions on behalf of the targeted user.”

Cisco FXOS Software is affected when it is running on Firepower 2100 Series Appliances (when running ASA Software in non-appliance mode), Firepower 4100 Series Appliances and Firepower 9300 Series Appliances.

Four other high-severity vulnerabilities across Cisco’s Firepower brand could be exploited by an unauthenticated, remote attacker to cripple affected devices with a DoS condition. These include a flaw in Firepower’s Management Center Software (CVE-2020-3499), Cisco Firepower 2100 Series firewalls (CVE-2020-3562), Cisco Firepower 4110 appliances (CVE-2020-3571) and Cisco Firepower Threat Defense Software (CVE-2020-3563 and CVE-2020-3563).

Cisco also patched multiple DoS flaws in its Adaptive Security Appliance software, including ones tied to CVE-2020-3304CVE-2020-3529CVE-2020-3528CVE-2020-3554CVE-2020-3572and CVE-2020-3373 that could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly.

Another flaw of note, in the web services interface of Cisco Adaptive Security Appliance and Firepower Threat Defense, could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload.

The flaw stems from the software not efficiently handling the writing of large files to specific folders on the local file system.

The new security alerts come a day after Cisco sent out an advisory warning that a flaw (CVE-2020-3118) the Cisco Discovery Protocol implementation for Cisco IOS XR Software was being actively exploited by attackers. The bug, which could be exploited by unauthenticated, adjacent attackers, could allow them to execute arbitrary code or cause a reload on an affected device.

#vulnerabilities #web security #adaptive security appliance #bugs #cisco #cross-site request forgery #csrf #cve-2020-3456 #cve-2020-3499 #cve-2020-3562 #cve-2020-3563 #cve-2020-3571 #denial of service #dos #firepower threat defense #patches #security vulnerabilities

What is GEEK

Buddha Community

Cisco Warns of Severe DoS Flaws in Network Security Software
Mitchel  Carter

Mitchel Carter

1603072800

Cisco Fixes High-Severity Webex, Security Camera Flaws

Cisco has issued patches for high-severity vulnerabilities plaguing its popular Webex video-conferencing system, its video surveillance IP cameras and its Identity Services Engine network administration product.

Overall, Cisco on Wednesday issued the three high-severity flaws along with 11 medium-severity vulnerabilities.

The most severe of these is a flaw (CVE-2020-3544) in Cisco’s Video Surveillance 8000 Series IP Cameras, which ranks 8.8 out of 10 on the CVSS scale.

“A vulnerability in the Cisco Discovery Protocol [CDP] implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute arbitrary code on an affected device or cause the device to reload,” according to Cisco’s security advisory.

The CDP is a network-discovery tool that helps network administrators identify neighboring Cisco devices. The vulnerability is due to missing checks when an IP camera processes a CDP packet.

To exploit the flaw, an attacker does not need to be authenticated. However, the person must be in the same broadcast domain as the affected device — because CDP is a Layer 2 protocol, attackers must be Layer 2-adjacent.

“An attacker could exploit this vulnerability by sending a malicious [CDP] packet to an affected device,” according to Cisco. “A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.”

The vulnerability affects cameras running a firmware release earlier than Release 1.0.9-5 that have the CDP enabled, said Cisco. Of note, Cisco Video Surveillance 8000 Series IP Cameras are no longer being sold as of July 24; however, vulnerability and security support does not end until July 24, 2023.

Webex Bug

Cisco also patched a high-severity flaw affecting its Webex platform. This issue is severe given the troves of workforces turning to video conferencing systems during the pandemic – however, it is significantly complex to exploit, as an attacker would need to be both authenticated (needing valid credentials on the Windows system) and local.

The vulnerability stems from the incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system, which would then execute when the vulnerable application launches.

“A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user’s account,” according to Cisco.

The flaw (CVE-2020-3535) affects Cisco Webex Teams for Windows releases 3.0.13464.0 through 3.0.16040.0; it does not affect Webex Teams for Android, Mac or iPhone and iPad.

#vulnerabilities #web security #cisco #cisco discovery protocol #cisco webex #cisco’s video surveillance 8000 series ip cameras #cve-2020-3467 #cve-2020-3535 #cve-2020-3544 #high severity flaw #identity services engine #patches #security camera #security vulnerabilities

Justyn  Ortiz

Justyn Ortiz

1603472400

Cisco Warns of Severe DoS Flaws in Network Security Software

Cisco has stomped out a slew of high-severity vulnerabilities across its lineup of network-security products. The most severe flaws can be exploited by an unauthenticated, remote attacker to launch a passel of malicious attacks — from denial of service (DoS) to cross-site request forgery (CSRF).

The vulnerabilities exist in Cisco’s Firepower Threat Defense (FTD) software, which is part of its suite of network-security and traffic-management products; and its Adaptive Security Appliance (ASA) software, the operating system for its family of ASA corporate network-security devices.

“The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory,” according to Cisco in an update released on Wednesday.

The most severe of these flaws includes a vulnerability in Cisco Firepower Chassis Manager (FCM), which exists in the Firepower Extensible Operating System (FXOS) and provides management capabilities.

The flaw (CVE-2020-3456) ranks 8.8 out of 10 on the CVSS scale, and stems from insufficient CSRF protections in the FCM interface. It could be exploited to enable CSRF — which means that when attackers are authenticated on the server, they also have control over the client.

“An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link,” according to Cisco. “A successful exploit could allow the attacker to send arbitrary requests that could take unauthorized actions on behalf of the targeted user.”

Cisco FXOS Software is affected when it is running on Firepower 2100 Series Appliances (when running ASA Software in non-appliance mode), Firepower 4100 Series Appliances and Firepower 9300 Series Appliances.

Four other high-severity vulnerabilities across Cisco’s Firepower brand could be exploited by an unauthenticated, remote attacker to cripple affected devices with a DoS condition. These include a flaw in Firepower’s Management Center Software (CVE-2020-3499), Cisco Firepower 2100 Series firewalls (CVE-2020-3562), Cisco Firepower 4110 appliances (CVE-2020-3571) and Cisco Firepower Threat Defense Software (CVE-2020-3563 and CVE-2020-3563).

Cisco also patched multiple DoS flaws in its Adaptive Security Appliance software, including ones tied to CVE-2020-3304CVE-2020-3529CVE-2020-3528CVE-2020-3554CVE-2020-3572and CVE-2020-3373 that could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly.

Another flaw of note, in the web services interface of Cisco Adaptive Security Appliance and Firepower Threat Defense, could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload.

The flaw stems from the software not efficiently handling the writing of large files to specific folders on the local file system.

The new security alerts come a day after Cisco sent out an advisory warning that a flaw (CVE-2020-3118) the Cisco Discovery Protocol implementation for Cisco IOS XR Software was being actively exploited by attackers. The bug, which could be exploited by unauthenticated, adjacent attackers, could allow them to execute arbitrary code or cause a reload on an affected device.

#vulnerabilities #web security #adaptive security appliance #bugs #cisco #cross-site request forgery #csrf #cve-2020-3456 #cve-2020-3499 #cve-2020-3562 #cve-2020-3563 #cve-2020-3571 #denial of service #dos #firepower threat defense #patches #security vulnerabilities

Wilford  Pagac

Wilford Pagac

1596811440

Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns

Attackers are exploiting a high-severity vulnerability in Cisco’s network security software products, which is used by Fortune 500 companies.

Cisco is warning that a high-severity flaw in its network security software is being actively exploited – allowing remote, unauthenticated attackers to access sensitive data.

Patches for the vulnerability (CVE-2020-3452) in question, which ranks 7.5 out of 10 on the CVSS scale, were released last Wednesday. However, attackers have since been targeting vulnerable versions of the software, where the patches have not yet been applied.

“The Cisco Product Security Incident Response Team (PSIRT) is aware of the existence of public exploit code and active exploitation of the vulnerability that is described in this advisory,” according to Cisco.

The flaw specifically exists in the web services interface of Firepower Threat Defense (FTD) software, which is part of Cisco’s suite of network security and traffic management products; and its Adaptive Security Appliance (ASA) software, the operating system for its family of ASA corporate network security devices.

The potential threat surface is vast: Researchers with Rapid7 recently found 85,000 internet-accessible ASA/FTD devices. Worse, 398 of those are spread across 17 percent of the Fortune 500, researchers said.

The flaw stems from a lack of proper input validation of URLs in HTTP requests processed by affected devices. Specifically, the flaw allows attackers to conduct directory traversal attacks, which is an HTTP attack enabling bad actors to access restricted directories and execute commands outside of the web server’s root directory.

Soon after patches were released, proof-of-concept (POC) exploit code was released Wednesday for the flaw by security researcher Ahmed Aboul-Ela.

A potential attacker can view more sensitive files within the web services file system: The web services files may have information such as WebVPN configuration, bookmarks, web cookies, partial web content and HTTP URLs.

Cisco said the vulnerability affects products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software, with a vulnerable AnyConnect or WebVPN configuration: “The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features,” according to its advisory. However, “this vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.”

cisco vulnerability patch

Credit: Rapid7

Researchers with Rapid7 say that since the patch was issued, only about 10 percent of Cisco ASA/FTD devices detected as internet-facing have been rebooted – which is a “likely indicator they’ve been patched.” Only 27 of the 398 detected in Fortune 500 companies appear to have been rebooted.

Researchers encourage immediate patching of vulnerable ASA/FTD installations “to prevent attackers from obtaining sensitive information from these devices which may be used in targeted attacks.”

“Cisco has provided fixes for all supported versions of ASA and FTD components,” said researchers. “Cisco ASA Software releases 9.5 and earlier, as well as Release 9.7, along with Cisco FTD Release 6.2.2 have reached the end of software maintenance and organizations will have to upgrade to a later, supported version to fix this vulnerability.”

Complimentary Threatpost Webinar: Want to learn more about Confidential Computing and how it can supercharge your cloud security? This webinar “Cloud Security Audit: A Confidential Computing Roundtable_” brings top cloud-security experts together to explore how Confidential Computing is a game changer for securing dynamic cloud data and preventing IP exposure. Join us Wednesday Aug. 12 at 2pm ETfor this** FREE _**live webinar.

#vulnerabilities #web security #adaptive security appliance (asa) software #cisco #firepower threat defense (ftd) software #network security #patch

Wilford  Pagac

Wilford Pagac

1596877200

Critical Cisco Flaw Fixed in Data Center Network Manager

The flaw could allow a remote, unauthenticated attacker to bypass authentication on vulnerable devices.

Cisco is warning of several critical and high-severity flaws in its Data Center Network Manager (DCNM) for managing network platforms and switches.

DCNM is a platform for managing Cisco data centers that run Cisco’s NX-OS — the network operating system used by Cisco’s Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches. The flaws exist in the REST API of DCNM — and the most serious of these could allow an unauthenticated, remote attacker to bypass authentication, and ultimately execute arbitrary actions with administrative privileges on a vulnerable device.

The critical flaw (CVE-2020-3382), which was found during internal security testing, rates 9.8 out of 10 on the CVSS scale, making it critical in severity. While the flaw is serious, the Cisco Product Security Incident Response Team said it is not aware of any public announcements or malicious exploits of the vulnerability.

“The vulnerability exists because different installations share a static encryption key,” said Cisco, in a security update on Wednesday. “An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.”

This vulnerability affects all deployment modes of all Cisco DCNM appliances that were installed using .ova or .iso installers, and affects Cisco DCNM software releases 11.0(1), 11.1(1), 11.2(1), and 11.3(1).

“Cisco has confirmed that this vulnerability does not affect Cisco DCNM instances that were installed on customer-provided operating systems using the DCNM installer for Windows or Linux,” said Cisco. “Cisco has also confirmed that this vulnerability does not affect Cisco DCNM software releases 7.x and 10.x.”

Cisco has released software updates that address the vulnerability, though there are no workarounds that address the flaw.

Cisco also patched five high-severity flaws in DCNM, including two command-injection flaws (CVE-2020-3377 and CVE-2020-3384 ) that could allow an authenticated, remote attacker to inject arbitrary commands on affected devices; a path traversal issue (CVE-2020-3383) that could enable an authenticated, remote attacker to conduct directory traversal attacks on vulnerable devices; an improper authorization flaw (CVE-2020-3386), allowing an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device; and an authentication bypass glitch (CVE-2020-3376) allowing an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device.

DCNM came in the spotlight earlier this year when three critical vulnerabilities (CVE-2019-15975, CVE-2019-15976, CVE-2019-15977) were discovered in the tool in January. Two critical flaws were also found last year in DCNM, which could allow attackers to take control of impacted systems.

Cisco on Wednesday also patched a critical vulnerability (CVE-2020-3374) in the web-based management interface of its SD-WAN vManage Network Management system (the centralized management platform). This flaw could allow a remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system – but the attacker would need to be authenticated to exploit the flaw.

#vulnerabilities #web security #cisco #critical cisco flaw #cve-2020-3382 #data center network manager #dcnm #fix #patch #rest api #security #vulnerability

Wilford  Pagac

Wilford Pagac

1596789120

Best Custom Web & Mobile App Development Company

Everything around us has become smart, like smart infrastructures, smart cities, autonomous vehicles, to name a few. The innovation of smart devices makes it possible to achieve these heights in science and technology. But, data is vulnerable, there is a risk of attack by cybercriminals. To get started, let’s know about IoT devices.

What are IoT devices?

The Internet Of Things(IoT) is a system that interrelates computer devices like sensors, software, and actuators, digital machines, etc. They are linked together with particular objects that work through the internet and transfer data over devices without humans interference.

Famous examples are Amazon Alexa, Apple SIRI, Interconnected baby monitors, video doorbells, and smart thermostats.

How could your IoT devices be vulnerable?

When technologies grow and evolve, risks are also on the high stakes. Ransomware attacks are on the continuous increase; securing data has become the top priority.

When you think your smart home won’t fudge a thing against cybercriminals, you should also know that they are vulnerable. When cybercriminals access our smart voice speakers like Amazon Alexa or Apple Siri, it becomes easy for them to steal your data.

Cybersecurity report 2020 says popular hacking forums expose 770 million email addresses and 21 million unique passwords, 620 million accounts have been compromised from 16 hacked websites.

The attacks are likely to increase every year. To help you secure your data of IoT devices, here are some best tips you can implement.

Tips to secure your IoT devices

1. Change Default Router Name

Your router has the default name of make and model. When we stick with the manufacturer name, attackers can quickly identify our make and model. So give the router name different from your addresses, without giving away personal information.

2. Know your connected network and connected devices

If your devices are connected to the internet, these connections are vulnerable to cyber attacks when your devices don’t have the proper security. Almost every web interface is equipped with multiple devices, so it’s hard to track the device. But, it’s crucial to stay aware of them.

3. Change default usernames and passwords

When we use the default usernames and passwords, it is attackable. Because the cybercriminals possibly know the default passwords come with IoT devices. So use strong passwords to access our IoT devices.

4. Manage strong, Unique passwords for your IoT devices and accounts

Use strong or unique passwords that are easily assumed, such as ‘123456’ or ‘password1234’ to protect your accounts. Give strong and complex passwords formed by combinations of alphabets, numeric, and not easily bypassed symbols.

Also, change passwords for multiple accounts and change them regularly to avoid attacks. We can also set several attempts to wrong passwords to set locking the account to safeguard from the hackers.

5. Do not use Public WI-FI Networks

Are you try to keep an eye on your IoT devices through your mobile devices in different locations. I recommend you not to use the public WI-FI network to access them. Because they are easily accessible through for everyone, you are still in a hurry to access, use VPN that gives them protection against cyber-attacks, giving them privacy and security features, for example, using Express VPN.

6. Establish firewalls to discover the vulnerabilities

There are software and firewalls like intrusion detection system/intrusion prevention system in the market. This will be useful to screen and analyze the wire traffic of a network. You can identify the security weakness by the firewall scanners within the network structure. Use these firewalls to get rid of unwanted security issues and vulnerabilities.

7. Reconfigure your device settings

Every smart device comes with the insecure default settings, and sometimes we are not able to change these default settings configurations. These conditions need to be assessed and need to reconfigure the default settings.

8. Authenticate the IoT applications

Nowadays, every smart app offers authentication to secure the accounts. There are many types of authentication methods like single-factor authentication, two-step authentication, and multi-factor authentication. Use any one of these to send a one time password (OTP) to verify the user who logs in the smart device to keep our accounts from falling into the wrong hands.

9. Update the device software up to date

Every smart device manufacturer releases updates to fix bugs in their software. These security patches help us to improve our protection of the device. Also, update the software on the smartphone, which we are used to monitoring the IoT devices to avoid vulnerabilities.

10. Track the smartphones and keep them safe

When we connect the smart home to the smartphone and control them via smartphone, you need to keep them safe. If you miss the phone almost, every personal information is at risk to the cybercriminals. But sometimes it happens by accident, makes sure that you can clear all the data remotely.

However, securing smart devices is essential in the world of data. There are still cybercriminals bypassing the securities. So make sure to do the safety measures to avoid our accounts falling out into the wrong hands. I hope these steps will help you all to secure your IoT devices.

If you have any, feel free to share them in the comments! I’d love to know them.

Are you looking for more? Subscribe to weekly newsletters that can help your stay updated IoT application developments.

#iot #enterprise iot security #how iot can be used to enhance security #how to improve iot security #how to protect iot devices from hackers #how to secure iot devices #iot security #iot security devices #iot security offerings #iot security technologies iot security plus #iot vulnerable devices #risk based iot security program