Cisco Network Security Flaw - Patch It Before Attackers Get To It

Instances of active exploitation

• The vulnerability, which affects Cisco ASA Software or Cisco FTD Software with a vulnerable AnyConnect or WebVPN configuration, is already being exploited in the wild by some attackers.
• The vulnerability (CVE-2020-3452), with a CVSS score of 7.5 out of 10, exists due to a lack of proper input validation of URLs in HTTP requests processed by affected devices.
• Attackers have started actively targeting vulnerable versions of the Cisco ASA/FTD products, where the patches have not yet been applied.
• Rapid7 Labs found that since the patch was issued, only about 10% of the total 85,000 internet-accessible Cisco ASA/FTD devices, and only 27 of the 398 detected in Fortune 500 companies appeared to have been patched or rebooted.

Swimming on the endless potential threat surface

• Unauthenticated attackers can view arbitrary files within the web services file system on the targeted device.
• A potential attacker can gain access to sensitive files or information such as WebVPN configuration, bookmarks, web cookies, partial web content, and HTTP URLs within the web services file system.

Recent ASA/FTD vulnerabilities

• In May 2020, Cisco released 12 vulnerabilities in ASA and FTD software. The vulnerabilities were ranked high and tracked as CVE-2020-3191, CVE-2020-3298, CVE-2020-3254, CVE-2020-3195, and CVE-2020-3125, among others.
• In October 2019, Cisco issued fixes for 18 vulnerabilities (CVE-2019-12673, CVE-2019-12677, CVE-2019-12678, and others) in the firmware for ASA, FTD, and Firepower Management Center (FMC) products.

The Bottom Line