Cisco Network Security Flaw Affects Many Fortune 500 Companies

Cisco is warning that a high-severity flaw in its network security software is being actively exploited by hackers. The flaw allows remote, unauthenticated hackers to access sensitive data. The Cisco Product Security Incident Response Team is aware of the public exploit code.

The flaw exists in the web services interface of Firepower Threat Defense software, which is part of Cisco's suite of network security and traffic management products. Researchers with Rapid7 recently found 85,000 internet-accessible ASA/FTD devices. Almost 400 of those are spread across 17 percent of the Fortune 500.


The flaw stems from a lack of proper validation of URLs in HTTP requests. It allows hackers to conduct directory traversal attacks, a type of HTTP attack that lets hackers access restricted directories and execute commands outside of the web server's root directory. A hacker can view sensitive files within the web services file system, such as web services files that may contain WebVPN configuration, bookmarks, web cookies, and HTTP URLs.
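The following Python sketch is an added illustration, not Cisco's code and not part of the original article. It shows the kind of URL validation whose absence makes directory traversal possible: the request path is decoded, checked, and confirmed to stay inside the web root. The web root `/srv/www`, the function names and the sample requests are assumptions made for the example.

```python
import posixpath
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/srv/www"   # assumed document root, for illustration only
MAX_DECODE_ROUNDS = 3   # layers of percent-encoding we are willing to unwrap


class TraversalError(ValueError):
    """Raised when a request target would resolve outside the web root."""


def fully_decode(path: str) -> str:
    """Percent-decode repeatedly so double-encoded input (%252e) is exposed."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            return decoded
        path = decoded
    # Conservative: refuse anything wrapped in this many encoding layers.
    raise TraversalError("too many layers of percent-encoding")


def resolve_request_path(request_target: str, web_root: str = WEB_ROOT) -> str:
    """Map an HTTP request target to a file path inside web_root, or raise."""
    raw_path = urlsplit(request_target).path          # drop query and fragment
    path = fully_decode(raw_path).replace("\\", "/")  # treat '\' like '/'
    if "\x00" in path:
        raise TraversalError("NUL byte in path")
    if ".." in path.split("/"):
        raise TraversalError("dot-dot segment in path")
    # Normalise, then confirm the result is still under the web root.
    # (On a real filesystem, os.path.realpath would also resolve symlinks.)
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        raise TraversalError("resolved path escapes web root")
    return candidate


if __name__ == "__main__":
    # Constructed sample request targets, not taken from any real log.
    for target in ["/index.html", "/docs/./guide.html?x=1",
                   "/%2e%2e/%2e%2e/etc/passwd", "/%252e%252e/secret"]:
        try:
            print(target, "->", resolve_request_path(target))
        except TraversalError as exc:
            print(target, "-> rejected:", exc)
```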

Cisco stated the flaw affects products that are running a vulnerable release of Cisco ASA Software or Cisco FTD Software. The vulnerability cannot be used to gain access to ASA or FTD system files or the underlying operating system.

Patches for the vulnerability were released last Wednesday. Cisco has provided fixes for all supported versions of ASA and FTD components. Cisco ASA Software releases 9.5 and earlier, as well as Release 9.7, along with Cisco FTD Release 6.2.2, have reached the end of software maintenance; customers running those releases will have to upgrade to a later, supported version to fix this vulnerability. Researchers recommend patching the vulnerable ASA/FTD installations.