An Interest In:
Web News this Week
- March 5, 2024
- March 4, 2024
- March 3, 2024
- March 2, 2024
- March 1, 2024
- February 29, 2024
- February 28, 2024
January 26, 2020 09:33 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/E2RRqZGWflk/cisco-warns-patch-this-critical-firewall-bug-in-firepower-management-center
Cisco Warns: Patch This Critical Firewall Bug in Firepower Management Center
"Cisco is urging customers to update its Firepower Management Center software," ZDNet reported Thursday, "after users informed it of a critical bug that attackers could exploit over the internet."Like many Cisco bugs, the flaw was found in the web-based management interface of its software. The bug has a severity rating of 9.8 out of a possible 10 and means admins should patch sooner rather than later. The vulnerability is caused by a glitch in the way Cisco's software handles Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. Remote attackers could exploit the flaw by sending specially crafted HTTP requests to the device. Devices are vulnerable if they've been configured to authenticate users of the web interface through an external LDAP server... How customers should remediate the issue will depend on which release of Firepower Management Center (FMC) they're running. There is no workaround, but hotfix patches are available for several new releases of FMC, and maintenance releases that address the flaw are scheduled for later this year. "Customers may install a fix either by upgrading to a fixed release or by installing a hotfix patch," Cisco notes... Cisco also disclosed seven high-severity flaws and 19 medium-severity security issues. This FMC critical flaw follows updates made available earlier this month for three critical flaws affecting Cisco's Data Center Network Manager software. The researcher who reported the flaw has released proof-of-concept exploit code, but Cisco says it is not aware of any malicious use of the flaws.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/E2RRqZGWflk/cisco-warns-patch-this-critical-firewall-bug-in-firepower-management-center
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot