Cisco Security Alert: CERT-In Warns of Critical Vulnerabilities in Cisco Products, Advises Immediate Updates To Prevent Hacker Access and Data Theft

The vulnerabilities reported in Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software could allow attackers to execute arbitrary commands and code on the underlying operating system with root-level privileges, device to reload unexpectedly, resulting in a denial of service (DoS), CERT-In said in its latest advisory.

Cisco and CERT-In Logo (Photo Credits: Wikimedia Commons)

New Delhi, April 27: The Indian Computer Emergency Response Team (CERT-In) which comes under the Ministry of Electronics & Information Technology, has issued an advisory over three serious vulnerabilities in networking giant Cisco products that could allow hackers to gain access, infiltrate into computer systems and steal data.

The vulnerabilities reported in Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software could allow attackers to execute arbitrary commands and code on the underlying operating system with root-level privileges, device to reload unexpectedly, resulting in a denial of service (DoS), CERT-In said in its latest advisory. CERT-In Warning: Indian Computer Emergency Response Team under MeitY Warns Users of Multiple Vulnerabilities in Microsoft Edge, Advises Users to Update.

The 'Command Injection Vulnerability' exists in the reported software due to the contents of a backup file being improperly sanitised at restore time. "An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device," the cyber agency said.

Another 'Denial of Service Vulnerability' exists due to incomplete error checking when parsing an HTTP header. Attackers could use this vulnerability by "sending a crafted HTTP request to a targeted web server on a device" and the successful exploitation could allow them to cause a "DoS condition when the device reloads". CERT-In Finds Multiple Bugs in Microsoft Products, Advises Users To Apply Appropriate Security Updates.

The third, 'Code Execution Vulnerability' exists due to improper validation of a file when it is read from system flash memory. According to the cyber agency, an attacker could exploit this vulnerability by copying a "crafted file to the disk0: file system of an affected device". In addition, CERT-In advised people to apply appropriate updates as released by Cisco.

(The above story first appeared on LatestLY on Apr 27, 2024 04:30 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).

Share Now

Share Now