Cisco has released 12 High severity security advisories for Cisco Adaptive Security Appliance (ASA) Software and Firepower products.
In addition, a security fix was also released to address a Snort HTTP detection engine file policy bypass vulnerability.
A bad actor could exploit these vulnerabilities to take control of impacted network devices.
Here are the latest Cisco patches broken out by High and Medium severity, released from May 6 through May 8, 2020.
High severity ASA and Firepower vulnerabilities
Cisco patched the following 12 High severity vulnerabilities affecting ASA and Firepower products (CVE identifiers in parentheses):
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Malformed OSPF Packets Processing Denial of Service Vulnerability (CVE-2020-3298)
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability (CVE-2020-3187)
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability (CVE-2020-3196)
- Cisco Adaptive Security Appliance Software Kerberos Authentication Bypass Vulnerability (CVE-2020-3125)
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Media Gateway Control Protocol Denial of Service Vulnerabilities (CVE-2020-3254)
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPv6 DNS Denial of Service Vulnerability (CVE-2020-3191)
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability (CVE-2020-3259)
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability (CVE-2020-3195)
- Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability (CVE-2020-3283)
- Cisco Firepower Threat Defense Software VPN System Logging Denial of Service Vulnerability (CVE-2020-3189)
- Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability (CVE-2020-3255)
- Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability (CVE-2020-3179)
Many of these vulnerabilities could allow an unauthenticated, remote attacker to launch denial of service attacks or read sensitive information.
Snort detection engine vulnerability
Cisco also patched a Snort HTTP detection engine file policy bypass vulnerability (CVE-2020-3315) that affects multiple Cisco products.
A remote, unauthenticated attacker could exploit this issue to bypass the configured file policies on an affected system.
“The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system,” Cisco stated in the advisory.
Impacted products include:
- Integrated Services Routers (ISRs) – 1000, 3000 and 4000 series
- Cloud Services Router 1000V Series
- Firepower Threat Defense (FTD) Software
- Integrated Services Virtual Router (ISRv)
Finally, Cisco also addressed over 20 other Medium risk vulnerabilities on May 6, 2020. Affected products include Umbrella, ASA, Firepower, Content Security Management Appliance and others.
Check out the latest Cisco advisories as of May 8, 2020. Network administrators should deploy security updates to affected devices as soon as possible.