Cisco has released its May 2020 security patches, covering eleven products. The advisories for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are the most important of the set. The most severe of these vulnerabilities could allow an unauthenticated remote attacker to perform a directory traversal attack and view or delete sensitive files on the affected device. Because new vulnerabilities are disclosed every day, a vulnerability scanning tool should be used to detect them as they appear.
Cisco has released security updates for the following products:
- Cisco Adaptive Security Appliance Software
- Cisco Firepower Threat Defense Software
- Cisco Firepower 1000 Series
- Cisco Firepower 2100 Series
- Cisco Firepower Device Manager
- Cisco Firepower Management Center
- Cisco Hosted Collaboration
- Cisco IMC Supervisor
- Cisco UCS Director
- Cisco UCS Director Express
- Cisco Umbrella
High Severity Vulnerabilities:
- CVE-2020-3298: A denial of service vulnerability exists in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. A remote attacker could send a series of malformed OSPF packets in a short period of time. This may cause the affected device to reload, resulting in a denial of service condition for client traffic.
- CVE-2020-3187: A path traversal vulnerability exists in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The vulnerability is due to improper input validation of HTTP URLs. By including directory traversal character sequences in an HTTP request, an unauthenticated remote attacker could view or delete arbitrary files in the web services file system.
- CVE-2020-3196: A denial of service vulnerability exists in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The vulnerability is due to improper resource management of incoming SSL/TLS connections. An unauthenticated remote attacker could exhaust an affected device's memory by opening multiple connections under certain conditions. The device is then unable to accept new SSL/TLS connections, resulting in a denial of service condition.
- CVE-2020-3125: An authentication bypass vulnerability exists in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software. The vulnerability is due to insufficient verification of the KDC's identity when a successful authentication response is received. An unauthenticated remote attacker could bypass Kerberos authentication by spoofing the KDC server's response to the ASA device.
- CVE-2020-3254: Multiple denial of service vulnerabilities exist in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. An unauthenticated remote attacker could exhaust an affected device's memory by sending maliciously crafted MGCP packets through it. This could cause the device to reboot, resulting in a denial of service condition for traversing traffic.
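To make the mechanism behind CVE-2020-3187 concrete, here is an added Python example (not Cisco's code, and not the ASA/FTD web services implementation) that places a naive URL-to-file mapping beside a hardened one. The web root, the sample requests and the function names are constructed for the illustration; the hardened resolver goes slightly beyond the plain `../` case by also handling percent-encoded and double-encoded traversal sequences.

```python
"""Illustrative path traversal check (not Cisco's code): a naive URL-to-file mapping
beside a hardened one that decodes, normalises and confines the path to the web root."""
import posixpath
from urllib.parse import unquote

# Constructed placeholder for a web services document root; not the real ASA layout.
WEB_ROOT = "/var/www/webvpn"


def resolve_vulnerable(url_path: str) -> str:
    """Decodes once and maps the request path straight onto the file system.
    posixpath.normpath collapses '..' the way the OS would, so a traversal
    sequence walks out of WEB_ROOT."""
    relative = unquote(url_path).lstrip("/")
    return posixpath.normpath(posixpath.join(WEB_ROOT, relative))


def resolve_hardened(url_path: str) -> str:
    """Decodes until stable (catches %2e%2e and %252e%252e), rejects NUL and
    backslashes, normalises, then verifies the result is still under WEB_ROOT.
    Raises ValueError for anything that would leave the root."""
    decoded = url_path
    for _ in range(3):                      # bounded: refuse absurd nesting
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    else:
        raise ValueError("too many layers of percent-encoding")
    if "\x00" in decoded or "\\" in decoded:
        raise ValueError("illegal character in path")
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    # Prefix check including the separator: '/var/www/webvpn2/x' must not pass.
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        raise ValueError("path escapes the web root: " + candidate)
    return candidate


def is_confined(url_path: str) -> bool:
    """True if the hardened resolver accepts the path."""
    try:
        resolve_hardened(url_path)
        return True
    except ValueError:
        return False


# Constructed sample requests: one benign, the rest traversal attempts.
SAMPLE_REQUESTS = [
    "/portal/index.html",
    "/../../../etc/passwd",
    "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "/%252e%252e/%252e%252e/%252e%252e/etc/passwd",
    "/portal/..\\..\\..\\etc\\passwd",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req!r:50} naive -> {resolve_vulnerable(req)!r:40} hardened -> {is_confined(req)}")
```

The naive resolver turns `/../../../etc/passwd` into `/etc/passwd`; the hardened one refuses it, and also refuses the same sequence hidden behind one or two layers of percent-encoding, while still accepting a benign path that contains a harmless `sub/../` inside the root.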
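The KDC spoofing pattern behind CVE-2020-3125 is easier to see in code. The following is an added Python simulation, not Cisco's implementation or the ASA's Kerberos code: HMAC-SHA256 stands in for Kerberos encryption, the KDC, principal names, passwords and keys are all constructed, and the hardened login applies the standard Kerberos remedy of validating the KDC by obtaining a ticket for the device's own principal and checking it against a keytab key that a spoofed KDC cannot forge.

```python
"""Simulated Kerberos login on a network device, with and without KDC validation.
Illustrative only (not Cisco's implementation): HMAC-SHA256 stands in for Kerberos
encryption, and all principals, passwords and keys are constructed here."""
import hashlib
import hmac
import json
import os

SPN = "host/asa.example.test"   # constructed service principal for the device


def derive_key(password: str, principal: str) -> bytes:
    """Stand-in for Kerberos string-to-key (password salted with the principal)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def seal(key: bytes, payload: dict) -> bytes:
    """Stand-in for Kerberos encryption: the only property used below is that a
    message verifies only under the key it was sealed with."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body


def open_sealed(key: bytes, blob: bytes) -> dict:
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key")
    return json.loads(body)


class KDC:
    """Legitimate KDC: holds user keys, the krbtgt key and the device's host key."""
    def __init__(self, users: dict, services: dict):
        self.users, self.services, self.krbtgt_key = users, services, os.urandom(32)

    def as_exchange(self, user: str) -> bytes:          # AS-REQ -> AS-REP
        session = os.urandom(16).hex()
        tgt = seal(self.krbtgt_key, {"user": user, "session": session})
        return seal(self.users[user], {"session": session, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt_hex: str, service: str) -> bytes:   # TGS-REQ -> TGS-REP
        tgt = open_sealed(self.krbtgt_key, bytes.fromhex(tgt_hex))
        return seal(self.services[service], {"user": tgt["user"], "session": tgt["session"]})


class RogueKDC:
    """Attacker-controlled responder standing in for the real KDC. The attacker
    chooses the password typed at the login prompt, so the rogue AS-REP is sealed
    under that key and 'decrypts' fine. It does not hold the device's host key,
    so it cannot produce a service ticket the device can verify."""
    def __init__(self, user: str, chosen_password: str):
        self.key = derive_key(chosen_password, user)

    def as_exchange(self, user: str) -> bytes:
        fake_tgt = seal(os.urandom(32), {"user": user, "session": "rogue"})
        return seal(self.key, {"session": "rogue", "tgt": fake_tgt.hex()})

    def tgs_exchange(self, tgt_hex: str, service: str) -> bytes:
        return seal(os.urandom(32), {"user": "anyone", "session": "rogue"})  # unverifiable


def login_as_rep_only(kdc, user: str, password: str) -> bool:
    """Vulnerable pattern: 'the AS-REP opened with the password-derived key' is
    treated as proof of identity. Whoever answers as the KDC decides the outcome."""
    try:
        open_sealed(derive_key(password, user), kdc.as_exchange(user))
        return True
    except ValueError:
        return False


def login_with_kdc_validation(kdc, user: str, password: str, keytab_key: bytes) -> bool:
    """Hardened pattern: after the AS exchange, request a ticket for the device's own
    principal and verify it with the device's keytab key. Only the real KDC can issue it."""
    try:
        as_rep = open_sealed(derive_key(password, user), kdc.as_exchange(user))
        ticket = open_sealed(keytab_key, kdc.tgs_exchange(as_rep["tgt"], SPN))
        return ticket["user"] == user
    except ValueError:
        return False


def run_scenarios() -> dict:
    """Constructed scenario: one real user, one real KDC, one rogue KDC."""
    device_keytab_key = os.urandom(32)
    real = KDC(users={"alice": derive_key("correct horse battery", "alice")},
               services={SPN: device_keytab_key})
    rogue = RogueKDC("alice", "anything-goes")
    return {
        "real_kdc_good_password_vulnerable": login_as_rep_only(real, "alice", "correct horse battery"),
        "real_kdc_bad_password_vulnerable": login_as_rep_only(real, "alice", "guess"),
        "rogue_kdc_vulnerable": login_as_rep_only(rogue, "alice", "anything-goes"),
        "rogue_kdc_validated": login_with_kdc_validation(rogue, "alice", "anything-goes", device_keytab_key),
        "real_kdc_good_password_validated": login_with_kdc_validation(real, "alice", "correct horse battery", device_keytab_key),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:40} -> {'ACCEPT' if ok else 'REJECT'}")
```

With the AS-REP-only check, an attacker who controls both the password typed at the prompt and the reply that reaches the device is accepted as `alice` without knowing her password. The validated login rejects the rogue KDC because it cannot produce a service ticket sealed under the device's host key, while a genuine KDC and correct password still succeed.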
More High Severity Vulnerabilities
- CVE-2020-3191: A denial of service vulnerability exists in the DNS over IPv6 packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. By sending a crafted DNS query that traverses the affected device, an unauthenticated remote attacker could cause the device to restart, resulting in a denial of service condition for IPv6 traffic.
- CVE-2020-3259: An information disclosure vulnerability exists in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The vulnerability is due to a buffer tracking issue when the software parses invalid URL requests. An unauthenticated remote attacker could send a crafted GET request and obtain memory contents, which may include sensitive information.
- CVE-2020-3195: A memory leak vulnerability exists in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. A remote attacker could send malformed OSPF packets to consume memory continuously. This may cause the affected device to reload, resulting in a denial of service condition for client traffic.
Some More High Severity Vulnerabilities
- CVE-2020-3283: A denial of service vulnerability exists in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of the Cisco Firepower 1000 Series. The vulnerability is due to a communication error between internal functions. An unauthenticated remote attacker could send a crafted SSL/TLS message to trigger a buffer underrun and crash the affected device, causing it to reload.
- CVE-2020-3189: A denial of service vulnerability exists in the VPN System Logging functionality of Cisco Firepower Threat Defense (FTD) Software. By frequently creating and deleting VPN tunnel connections, a remote attacker could cause a small system memory leak for each logging event. Over time this depletes system memory and results in a denial of service condition.
- CVE-2020-3255: A denial of service vulnerability exists in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software. The vulnerability is due to inefficient memory management. A remote attacker could send a large volume of IPv4 or IPv6 traffic through an affected device to exhaust its memory, resulting in a denial of service condition for traffic traversing the device.
- CVE-2020-3179: A denial of service vulnerability exists in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software. The vulnerability is due to a memory handling error when processing GRE over IPv6 traffic. An unauthenticated remote attacker could send crafted GRE over IPv6 packets carrying an IPv4 or IPv6 payload to crash the device, resulting in a denial of service condition.
Medium Severity Vulnerabilities:
Cisco's May 2020 fixes also cover the following medium severity vulnerabilities, some of which could be exploited to cause a denial of service condition:
CVE-2020-3178, CVE-2020-3186, CVE-2020-3188, CVE-2020-3246, CVE-2020-3253, CVE-2020-3256, CVE-2020-3285, CVE-2020-3301, CVE-2020-3302, CVE-2020-3303, CVE-2020-3305, CVE-2020-3306, CVE-2020-3307, CVE-2020-3308, CVE-2020-3309, CVE-2020-3310, CVE-2020-3311, CVE-2020-3312, CVE-2020-3313, CVE-2020-3315, CVE-2020-3318, CVE-2020-3329 and CVE-2020-3334
Impact
An attacker could exploit these vulnerabilities to cause denial of service conditions, bypass authentication, disclose information, leak memory, traverse paths, perform cross-site scripting, overwrite arbitrary files, or carry out insecure direct object reference attacks on vulnerable systems.
Solution
We recommend reviewing the Cisco advisories for the affected products and installing the corresponding security updates as soon as possible to stay protected.