Govt’s cyber agency finds multiple bugs and serious vulnerabilities in Cisco products

The Ministry of Electronics & Information Technology’s Indian Computer Emergency Response Team (CERT-In) has issued a warning regarding three critical vulnerabilities discovered in Cisco products, which could enable unauthorized access and data theft.

These vulnerabilities, found in Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software, allow attackers to execute arbitrary commands and code with root-level privileges, leading to system crashes and denial of service (DoS) incidents, according to CERT-In’s latest advisory.

The ‘Command Injection Vulnerability’ stems from improperly sanitized contents within a backup file during restoration, providing an avenue for attackers to exploit an affected device.

Another issue, the ‘Denial of Service Vulnerability’, arises from insufficient error checking during HTTP header parsing, allowing attackers to disrupt device operation by sending a manipulated HTTP request.

Lastly, the ‘Code Execution Vulnerability’ results from inadequate validation of a file when it is read from system flash memory, enabling attackers to introduce harmful files into affected devices.

CERT-In recommends promptly applying Cisco’s released updates to mitigate these risks.
