Cisco Network Security Flaw Affects Many Fortune 500 Companies
Cisco is warning that a high-severity flaw in its network security software is being actively exploited by hackers. The flaw allows remote, unauthenticated attackers to access sensitive data. The Cisco Product Security Incident Response Team (PSIRT) is aware of public exploit code for it.
The flaw exists in the web services interface of Firepower Threat Defense software, which is part of Cisco's suite of network security and traffic management products. Researchers with Rapid7 recently found 85,000 internet-accessible ASA/FTD devices. Almost 400 of those are spread across 17 percent of the Fortune 500.
The flaw stems from a lack of proper validation of URLs in HTTP requests. It allows hackers to conduct directory traversal attacks, an HTTP attack that lets an attacker reach restricted directories and execute commands outside of the web server's root directory. A hacker can view sensitive files within the web services file system, such as files that may contain WebVPN configuration, bookmarks, web cookies, and HTTP URLs.
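The missing control the article describes is validation of the request path before it is mapped onto a file. As an added example that is not the article's or Cisco's code, the following Python shows such a check (decode, normalize, confine to a web root) and runs it over constructed access-log lines; the web root, log format and paths are assumptions.

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

WEB_ROOT = "/var/www/webvpn"  # assumed web root for this example


def decode_fully(path: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so a double-encoded '..' (%252e%252e) is seen."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def resolve_request_path(url_path: str, web_root: str = WEB_ROOT) -> Optional[str]:
    """Map url_path under web_root; return None if it would escape the root.

    The query string is dropped here; a parameter later used as a file name
    would need the same treatment.
    """
    decoded = decode_fully(url_path.split("?", 1)[0]).replace("\\", "/")
    joined = posixpath.normpath(posixpath.join(web_root, decoded.lstrip("/")))
    if joined != web_root and not joined.startswith(web_root + "/"):
        return None  # '..' segments climbed out of the web root
    return joined


LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_traversal_in_log(log_text: str) -> List[str]:
    """Return request paths in log_text that the check above would reject."""
    flagged = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and resolve_request_path(m.group(1)) is None:
            flagged.append(m.group(1))
    return flagged


# Constructed access-log lines (not real device logs) used to exercise the check.
SAMPLE_LOG = """\
10.0.0.5 - - "GET /portal/index.html HTTP/1.1" 200
10.0.0.9 - - "GET /portal/../../etc/passwd HTTP/1.1" 404
10.0.0.9 - - "GET /%2e%2e/%2e%2e/%2e%2e/secret HTTP/1.1" 200
"""

if __name__ == "__main__":
    print(flag_traversal_in_log(SAMPLE_LOG))
```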
Cisco stated that the flaw affects products running a vulnerable release of Cisco ASA Software or Cisco FTD Software. The vulnerability cannot be used to gain access to ASA or FTD system files or to the underlying operating system.
Patches for the vulnerability were released last Wednesday. Cisco has provided fixes for all supported versions of the ASA and FTD components. Cisco ASA Software releases 9.5 and earlier, as well as Release 9.7, along with Cisco FTD Release 6.2.2, have reached the end of software maintenance; customers running them will have to upgrade to a later, supported release to fix this vulnerability. Researchers recommend patching vulnerable ASA/FTD installations.