Positive Technologies threat experts have warned that a defect identified this week in Cisco's Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) firewalls could potentially contribute to denial-of-service (DoS) attacks.
As per Positive Technologies expert Nikita Abramov, the high-severity bug (CVE-2021-34704) does not demand elevated privileges or specific access to attack. An attacker only needs to create a demand wherein one of the portions is larger than the device expects.
According to Cisco, the flaw is the consequence of poor input validation while parsing HTTPS queries. The problem, if abused, might allow an attacker to compel the device to restart, culminating in a DoS circumstance, according to the vendor.
This has the potential to have a significant effect on the business., noted Abramov. “If attackers disrupt the operation of Cisco ASA and Cisco FTD, a company will be left without a firewall and remote access,” he wrote in a research note.
“If the attack is successful, remote employees or partners will not be able to access the internal network of the organization, and access from outside will be restricted. At the same time, firewall failure will reduce the protection of the company.”
Cisco has already fixed the flaw in the most recent versions of its ASA and FTD firmware.
Positive Technologies further advises concerned clients to use security information and event management (SIEM) solutions to prevent and identify breaches.
The vendor addressed a bug in its Firepower Devices Manager (FDM) and On-Box software in August, allowing the researcher to take complete control of the company's Firepower next-generation firewalls.
The vulnerability, identified by Abramov and threat researcher Mikhail Klyuchnikov, received a severity score of 6.3 on the standard vulnerability ranking methodology.
The vulnerability exploited another flaw in Cisco's FDM On-Box representational state transfer (REST) API, allowing intruders to execute arbitrary code on a compromised device's operating system.
“To exploit this vulnerability, all attackers need to do is to obtain credentials of a user with low privileges and send a specially crafted HTTP request,” Abramov wrote. “From a technical standpoint, the vulnerability is caused by insufficient user input validation for some REST API commands.”
