Networking and hardware company Cisco stated that it has become aware of the availability of public exploit code and active exploitation of a high-severity vulnerability in the web services interface of its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. In a security advisory, Cisco stated that the vulnerability, tracked as CVE-2020-3452, could allow an unauthenticated, remote attacker to perform directory traversal attacks and steal sensitive data.
“An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device,” Cisco said.
The vulnerability affects Cisco products that are running a vulnerable release of Cisco ASA Software or Cisco FTD Software with a vulnerable AnyConnect or WebVPN configuration. The company also confirmed that this vulnerability does not affect Cisco Firepower Management Center (FMC) Software and cannot be used to obtain access to ASA or FTD system files or underlying operating system files. The company has released software updates to fix the vulnerability.
“The attacker can view files within the web services file system only. The web services file system is enabled for the WebVPN and AnyConnect features outlined in the Vulnerable Products section of this advisory; therefore, this vulnerability does not apply to the ASA and FTD system files or underlying operating system (OS) files. The web services files that the attacker can view may have information such as WebVPN configuration, bookmarks, web cookies, partial web content, and HTTP URLs,” the advisory said.
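One way to check web front-end logs for the request pattern Cisco describes, as an added example that is not from Cisco's advisory or the original article: it flags request targets containing `..` path segments, including percent-encoded and double-encoded forms. The log layout, paths and addresses are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Assumed layout: combined-log style lines from a reverse proxy or web front
# end. This is an assumption for the example, not Cisco's own log format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# ".." as a whole path segment, bounded by a separator or the end of the target.
DOTDOT_SEGMENT = re.compile(r'(?:^|[/\\?=&;])\.\.(?:[/\\?&#;]|$)')
MAX_DECODE_ROUNDS = 3  # also catches double- and triple-encoded sequences


def has_traversal(target):
    """True if the raw target or any percent-decoded layer holds a '..' segment."""
    current = target
    for _ in range(MAX_DECODE_ROUNDS + 1):
        if DOTDOT_SEGMENT.search(current):
            return True
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return False


def find_traversal(lines):
    """Return (source, status, target) for each parsed line that shows traversal."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_traversal(m.group("target")):
            hits.append((m.group("src"), int(m.group("status")), m.group("target")))
    return hits


# Constructed sample lines: documentation IP ranges and made-up paths.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jul/2020:10:00:01 +0000] "GET /portal/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [24/Jul/2020:10:00:05 +0000] "GET /portal/view?file=../../settings.xml HTTP/1.1" 200 2048',
    '198.51.100.7 - - [24/Jul/2020:10:00:06 +0000] "GET /portal/view?file=..%2f..%2fsettings.xml HTTP/1.1" 200 2048',
    '198.51.100.9 - - [24/Jul/2020:10:00:09 +0000] "GET /portal/view?file=%252e%252e%252fsettings.xml HTTP/1.1" 404 0',
    '192.0.2.22 - - [24/Jul/2020:10:00:12 +0000] "GET /portal/files/report..final.pdf HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for src, status, target in find_traversal(SAMPLE_LOG):
        print(f"{src} status={status} {target}")
```

The status code is returned with each hit so that flagged requests answered with a success status can be reviewed first.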
Counterfeit Cisco Switches
Recently, an investigation report from F-Secure revealed a pair of counterfeit network switches impersonating Cisco network switches. The counterfeit devices, versions of the Cisco Catalyst 2960-X series switches, were designed to bypass authentication processes to system components. According to the investigation, the counterfeit devices did not have any backdoor functionalities, but had the ability to bypass security controls. The counterfeits were physically and operationally similar to an authentic Cisco switch. Threat actors either invested heavily in imitating Cisco’s original design or had access to proprietary engineering documentation to create the fake copies, the report said.