Cisco fixes critical flaw in network management platform

The latest security hole is patched just days before the firm’s flagship Cisco Live 2020 conference

Cisco has urged its customers to update their Firepower Management Center (FMC) after patching a critical vulnerability that could have given attackers administrative privileges on affected devices.

Dubbed CVE-2019-16028, the vulnerability has been found in the firm’s platform for managing its network security products, including firewalls or malware protection. It has been given a CVE rating of 9.8, meaning it has been branded as ‘critical’

Related Resource

How targeted simulations differ from penetration tests and vulnerability scanning

Stay one step ahead of cyber attackers

Download now

“The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server,” an advisory from the company said

“An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.

“The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.”

The flaw affects numerous versions of FMC, including several that have reached end-of-life, namely 6.1.0, 6.2.0, 6.2.1, and 6.2.2. Cisco has advised businesses using these iterations to upgrade to a release that integrates the fix before patching, such as versions 6.2.3, 6.3.0, 6.4.0, or 6.5.0. 

The networking giant’s latest security issue has arisen just days before the firm is set to host its flagship Cisco Live 2020 conference in Barcelona.

The company has endured a topsy-turvy 2019, with a spate of security issues and negative headlines affecting its fortunes. For example, in August last year, three major vulnerabilities were found in the most popular switches used by its small and medium-sized business (SMB) customers. 

This is in addition to its WebEx and Zoom platforms being hit with the ‘prying eye’ flaw in October, that would allow an attacker to use an enumeration attack to find open calls or meetings, if successfully exploited.

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/software/linux/354831/microsoft-to-add-defender-antivirus-software-to-linux-ios-and-android
Linux

Microsoft to add Defender antivirus software to Linux, iOS and Android

21 Feb 2020