Rewterz Threat Alert – Emotet Still Active – IoCs
July 24, 2020
Severity
High
Analysis Summary
A high-severity vulnerability in Cisco’s network security software could lay bare sensitive data – such as WebVPN configurations and web cookies – to remote, unauthenticated attackers. The flaw exists in the web services interface of Cisco’s Firepower Threat Defense (FTD) software, which is part of its suite of network security and traffic management products, and of its Adaptive Security Appliance (ASA) software, the operating system for its family of ASA corporate network security devices. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The flaw is due to a lack of proper input validation of URLs in HTTP requests processed by affected devices. Public exploit code is available and the vulnerability is currently being exploited in the wild.
Vulnerable configurations for Cisco ASA software:
Vulnerable configurations for Cisco FTD software:
Cisco has confirmed that this vulnerability does not affect Cisco Firepower Management Center (FMC) Software.
Impact
Unauthorized access to restricted information
Affected Vendors
Cisco
Affected Products
- AnyConnect IKEv2 Remote Access (with client services)
- AnyConnect SSL VPN
- Clientless SSL VPN
Remediation
Cisco has released free software updates that address the vulnerability. Install the latest updates for affected products.
To help detect and/or block attempts to exploit the vulnerability, customers who use the SSL Decryption feature for affected traffic on Cisco Firepower sensors can enable Snort rules 54598 through 54601, from SRU number 2020-07-22-001, by using the Cisco Firepower Management Center.
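Where HTTP request logs from a proxy or load balancer in front of the device are available, they can also be reviewed for the directory traversal sequences described in the summary. The following is an added example, not part of the advisory or of any Cisco tooling: the log layout, paths and addresses are constructed for illustration, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a generic "client method target status" layout
# (an assumption for this example; not the log format of any Cisco product).
SAMPLE_LOG = """\
198.51.100.7 GET /portal/index.html 200
198.51.100.9 GET /portal/file?name=../../etc/settings.conf 200
203.0.113.4 GET /portal/file?name=%2e%2e%2fsecret.txt 200
203.0.113.4 GET /portal/file?name=%252e%252e%255csecret.txt 404
198.51.100.7 GET /docs/release..notes.txt 200
192.0.2.15 GET /portal/a/..%2f..%2fconfig 403
"""

# A ".." segment that starts the string or follows a separator, "=", "?" or "&",
# and is followed by a slash, a backslash or the end of the string.
TRAVERSAL = re.compile(r"(?:^|[/\\=?&])\.\.(?:[/\\]|$)")
MAX_DECODE_ROUNDS = 3  # bounded, because a target may be percent-encoded twice


def normalize(target: str) -> str:
    """Percent-decode repeatedly until the string stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def has_traversal(target: str) -> bool:
    """True if the decoded request target contains an upward path segment."""
    return bool(TRAVERSAL.search(normalize(target)))


def suspicious_requests(log_text: str):
    """Return (client, raw_target, status) for each request that traverses upward."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed layout
        client, _method, target, status = parts
        if has_traversal(target):
            hits.append((client, target, status))
    return hits


if __name__ == "__main__":
    for client, target, status in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\t{status}\t{target}")
```

Hits answered with a 200 status deserve review first, since they indicate the request may have been served rather than rejected.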