Cisco has released a new update / patch to this new vulnerability 22.7.2020. The code to this vulnerability can be found at Cisco website, so make sure you update your drivers immediately.
In terms of the vulnerability of Cisco network equipment, software versions for ASA and Firepower users. The vulnerability could allow authentication to be bypassed and sensitive information to be read.
The vulnerability is due to incomplete input verification of network addresses in HTTP requests.
The attacker can abuse this vulnerability by sending custom input in HTTP request and access the system. Fortunately this vulnerability does not allow the attacker to get to systemfiles in ASA or Firepower.
Target
Active devices on a network are devices that are usually invisible to the average user, such as routers, switches, and firewalls. These devices and their software forward or filter network traffic.
Attack method
A remote attack can be made over a network connection or the like without accessing the target system itself.
Without logging / backdooring
The attack does not require logging on to the target system. The opposite is attacks that require the use of a username and password and, for example, the execution of commands while logged on to the system.
How to fix Cisco ASA & Firepower vulnerability
A software or hardware manufacturer usually releases a new version or partial update to the software or operating system shortly after the vulnerability becomes known. An update may be available while the vulnerability is released, but it often has to wait a while.
Improve your internet security with these VPNs
- Compatible with Netflix, BBC & Disney
- Free 30 day trial
- Unlimited Torrents
- Over 55 countries
- Compatible with Netflix, BBC & Disney
- Free 30 day trial
- Unlimited Torrents
- Over 90 countries
- No-log policy
- Compatible with Netflix, BBC & Disney
- Free 45 day trial
- Unlimited Torrents
- Over 90 countries
- No-log policy
- Fast and secure VPN connection
- Free 31 day trial
- Unlimited Torrents
- Over 2000 servers
- Dedicated IP