Rewterz Threat Advisory – ICS: Honeywell NOTI-FIRE-NET Web Server (NWS-3)
February 22, 2020Rewterz Threat Advisory – Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol
February 24, 2020Rewterz Threat Advisory – ICS: Honeywell NOTI-FIRE-NET Web Server (NWS-3)
February 22, 2020Rewterz Threat Advisory – Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol
February 24, 2020Severity
High
Analysis Summary
The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.
Impact
Authentication Bypass
Affected Vendors
Cisco
Affected Products
Cisco FMC Software
Remediation
Please refer to vendor’s advisory for the list of affected products and patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth