The Ministry of Electronics & Information Technology’s Indian Computer Emergency Response Team (CERT-In) has issued a warning regarding three critical vulnerabilities discovered in Cisco products, which could enable unauthorized access and data theft.
These vulnerabilities, found in Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software, allow attackers to execute arbitrary commands and code with root-level privileges, or to cause system crashes and denial of service (DoS) incidents, according to CERT-In’s latest advisory.
The ‘Command Injection Vulnerability’ stems from improperly sanitized contents within a backup file during restoration, providing an avenue for attackers to exploit an affected device.
Another issue, the ‘Denial of Service Vulnerability’, arises from insufficient error checking during HTTP header parsing, allowing attackers to disrupt device operation by sending a manipulated HTTP request.
Lastly, the ‘Code Execution Vulnerability’ results from inadequate validation of files read from system flash memory, enabling attackers to introduce harmful files onto affected devices.
CERT-In recommends promptly applying Cisco’s released updates to mitigate these risks.