New Cisco Adaptive Security Appliance Vulnerability Discovered
Another vulnerability has been found in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. It targets a legacy capability in these systems that enables the preloading of VPN clients and plugins. Essentially, an attacker who exploits a vulnerability of this kind could execute arbitrary code with root-level privileges. The attacker cannot do this without Administrator-level privileges, which keeps the issue from being too concerning, but it is still dangerous, as we will soon see.
What is Cisco Adaptive Security Appliance (ASA)
Cisco ASA is the family of operating system software for Cisco’s line of security devices. It is designed and tailored for corporate networks and data centers, is used in products like dedicated firewalls, and provides effective capabilities such as IPS, VPNs, and Cisco TrustSec security group tags.
What is Cisco Firepower Threat Defense (FTD)
The software enables the flagging of specific network traffic patterns and better network control. Cisco FTD policies detect and recognize traffic and are typically used to make networks more efficient and less wasteful of resources.
What is Code Injection
Code injection refers to attacks that target vulnerabilities allowing the insertion, or injection, of code meant to be executed by the application or system, usually to modify its behavior for some end. It is enabled by systems that do not adequately validate the format of the data, the amount of data, and/or the content of the data.
If successful, a Code Injection attack may threaten clients’ or users’ confidentiality, the system’s availability, or the system’s integrity.
How the Vulnerability Works
The attack vector is a file read from the system’s flash memory. To exploit this vulnerability, an attacker may copy a crafted file to a location called ‘disk0’, the device’s file system. Arbitrary code execution may then occur on an affected device, altering system behavior.
What makes this vulnerability concerning (indeed, what motivated Cisco to raise its Security Impact Rating (SIR) from Medium to High) is that this code injection is able to persist on the device after it is rebooted. Essentially, deactivating the affected system will not erase potential malware.
Learn More
You can learn more about vulnerabilities from a reputable source, NIST’s National Vulnerability Database (NVD), a registry of the security vulnerabilities discovered so far, where each one is categorized, ranked, and explained in detail.
Another source of information about security threats, attacks, and best practices is OWASP’s website, where one may learn extensively about the various kinds of security threats and even get involved with their activities and participate in learning.
Source:
https://owasp.org/www-community/attacks/Code_Injection
https://nvd.nist.gov/vuln/detail/CVE-2024-20359?ref=thestack.technology