There is a critical vulnerability in Cisco Firepower Management Center, according to a security advisory released by the company The vulnerability, which earns a CVSS score of 9.8, allows for an attacker to gain administrative rights to the FMC and execute arbitrary actions. All of this can, thanks to the exploitable vulnerability, be done remotely by an unauthenticated attacker. Cisco says it “has released software updates that address this vulnerability.” There is at this time no known workaround for the issue other than installing the software fixes Cisco releases for the issue.
Cisco describes the cause of the Firepower Management Center critical vulnerability in the below excerpt from the security advisory:
The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.
Additionally, Cisco states that there is a way to check for external authentication using LDAP:
To determine whether external authentication using an LDAP server is configured on the device, administrators can navigate to System > Users > External Authentication and look for an External Authentication Object that uses LDAP as the authentication method. The External Authentication Object must be enabled for the FMC to be affected.
Cisco was made aware of this vulnerability via researchers Michael J. Venema of Family Care Network and Johan Anderström of QLS. As of this article’s writing, there has been no exploitation reported by cybersecurity experts or Cisco. But now that the security advisory has detailed the flaw, this is likely going to change. Admins in charge of Cisco systems are advised to patch as soon as possible to prevent attacks.
Cisco has dealt with a number of vulnerabilities in addition to this Firepower Management Center flaw to start the new year. If anything has been learned about Cisco, it is that this will definitely not be the last vulnerability we see reported on this year.
Yes, 2020 is going to be a long year.
Featured image: Flickr / DennisM2
