Cisco fixed a critical vulnerability in the Cisco Firepower Management Center that could allow a remote attacker to gain administrative access to the web-based management interface of the vulnerable devices and execute arbitrary actions. The vulnerability tracked as CVE-2019-16028 received a CVSS score of 9.8.
“A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device.” reads the security advisory published by Cisco.
“The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.”
The issue, Cisco stems from the improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external server. The issue could be triggered by sending crafted HTTP requests to a vulnerable device and gain administrative access to the web-based management interface.
Cisco warns that only Cisco Firepower Management Center configured to authenticate users of the web-based management interface through an external LDAP server are affected.
“To determine whether external authentication using an LDAP server is configured on the device, administrators can navigate to System > Users > External Authentication and look for an External Authentication Object that uses LDAP as the authentication method. The External Authentication Object must be enabled for the FMC to be affected.” continues the advisory.
Cisco released FMC Software versions 6.4.0.7 and 6.5.0.2 to address the flaw, it also announced the release of patches for versions 6.2.3 (6.2.3.16) and 6.3.0 (6.3.0.6) in February and May 2020, respectively.
The company confirmed that there are no workarounds that address this vulnerability, it also confirmed that this issue does not affect Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software.
Cisco is not aware of any attack in the wild exploiting the flaw.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Iran, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler…
A financially motivated group named GhostR claims the theft of a sensitive database from World-Check…
Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve…
Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads…
Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over…
Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T…
This website uses cookies.