Initiatieven voor
Als nationale autoriteit voor cyberveiligheid heeft het CCB verschillende initiatieven ontwikkeld voor specifieke doelgroepen die hier worden gepresenteerd.
Warning: CISCO fixed multiple vulnerabilities in CISCO Firepower Management Center Software, patch immediately!
Image
Gepubliceerd : 23/05/2024
Reference:
Advisory #2024-73
Version:
1.0
Affected software:
Cisco Firepower Management Center Software
Type:
SQL injection vulnerability
CVE/CVSS:
CVE-2024-20360 CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Sources
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Risks
Cisco addressed multiple vulnerabilities, one of which affects the Cisco Firepower Management Center Software. Successful exploitation would allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
The impact on the Confidentiality, Integrity and Availability is High.
Description
An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system.
Successful exploitation could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root.
To exploit this vulnerability, an attacker would need at least Read Only user credentials.
Cisco also disclosed several other vulnerabilities that, while less critical, are still noteworthy.
- CVE-2024-20363: Multiple Cisco Products, Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability
- CVE-2024-2026: Cisco Firepower Threat Defense Software, Encrypted Archive File Policy Bypass Vulnerability
- CVE-2024-20361: Cisco Firepower Management Center Software, Object Group Access Control List Bypass Vulnerability
- CVE-2024-20355: Cisco Adaptive Security Appliance and Firepower Threat Defense Software, Authorization Bypass Vulnerability
- CVE-2024-20293: Cisco Adaptive Security Appliance and Firepower Threat Defense Software, Inactive-to-Active ACL Bypass Vulnerability
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion. In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.