Multiple Vulnerabilities in Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Directory Traversal Attacks

ITS Advisory Number: 
2020-062
Date(s) Issued: 
Friday, May 8, 2020
Subject: 
Multiple Vulnerabilities in Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Directory Traversal Attacks
Overview: 

Multiple vulnerabilities have been discovered in Cisco Products, the most severe of which could allow for directory traversal attacks. Cisco is a vendor for IT, networking and cybersecurity solutions. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system.

 

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected: 
  • Cisco Adaptive Security Appliance versions prior to 9.14
  • Cisco Firepower Threat Defense versions prior to 6.6.0
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
Low
Description: 

Multiple vulnerabilities have been discovered in Cisco Products, the most severe of which could allow for directory traversal attacks. This vulnerability can be exploited by sending a crafted HTTP request containing directory traversal character sequences. Details of the vulnerabilities are as follows:

  • CVE-2020-3187: Path traversal attack
  • CVE-2020-3125: insufficient identity verification of the Kerberos key distribution center leads to authentication bypass
  • CVE-2020-3259: buffer tracking issue when the software parses invalid URLs, allows an attacker to retrieve memory contents
  • CVE-2020-3254: inefficient memory management, Denial of Service
  • CVE-2020-3196: improper resource management for inbound SSL/TLS connections, Denial of Service
  • CVE-2020-3298: improper memory protection mechanisms while processing certain OSPF packets, Denial of Service
  • CVE-2020-3191: incorrect processing of certain OSPF packets leads to memory leak, Denial of Service
  • CVE-2020-3195: incorrect processing of certain OSPF packets, Denial of Service

Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system.
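
For log and traffic review, the check below flags HTTP requests that carry directory traversal character sequences of the kind described above, including percent-encoded, double-encoded and backslash forms, in either the request target or a header value. It is an added example, not code from Cisco or from this advisory; the sample requests, host name and paths are constructed placeholders, and the three-round decoding limit is an assumption.

```python
import re
from urllib.parse import unquote

# A ".." path segment: bounded by a separator (or string edge) on both sides.
DOTDOT = re.compile(r"(?:^|[/=?&;,\s])\.\.(?:/|$|[?&;,\s])")
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple encoding

def normalize(value: str) -> str:
    """Percent-decode repeatedly and unify slashes so encoded forms are visible."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def find_traversal(raw_request: str) -> list[tuple[str, str]]:
    """Return (field, normalized value) for each request part holding a '..' segment."""
    lines = raw_request.split("\r\n")
    hits = []
    parts = lines[0].split(" ")
    if len(parts) >= 2:
        target = normalize(parts[1])
        if DOTDOT.search(target):
            hits.append(("request-target", target))
    for line in lines[1:]:
        if not line:
            break  # end of headers; the body is not inspected here
        name, _, value = line.partition(":")
        value = normalize(value.strip())
        if DOTDOT.search(value):
            hits.append((name.strip().lower(), value))
    return hits

# Constructed sample requests (not captured traffic; host and paths are placeholders).
SAMPLES = {
    "benign": "GET /portal/index.html?v=1.2..3 HTTP/1.1\r\nHost: vpn.example.test\r\n\r\n",
    "plain": "GET /portal/../../etc/hosts HTTP/1.1\r\nHost: vpn.example.test\r\n\r\n",
    "double_encoded": "GET /portal/%252e%252e%255cfile HTTP/1.1\r\nHost: vpn.example.test\r\n\r\n",
    "cookie": "GET /portal/ HTTP/1.1\r\nHost: vpn.example.test\r\nCookie: sid=..%2f..%2ftmp%2fx\r\n\r\n",
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(label, find_traversal(req))
```

A hit is a prompt for review rather than proof of exploitation; correlate it with the response status and the patch level of the device that received the request.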

Actions: 
  • After appropriate testing, immediately apply the patches or mitigations provided by Cisco to vulnerable systems. 
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.