The official site for Saudi CERT
Cisco Updates
1984
Warning Date
Severity Level
Warning Number
Target Sector
11 May, 2020
● Medium
2020-1220
All
Description:
Cisco has released security updates to address multiple vulnerabilities in the following products :
- Cisco FTD Software releases earlier than Release 6.5.0.
- Cisco FTD Software releases earlier than Release 6.4.0.9 and Release 6.5.0.5.
- Cisco FTD Software releases earlier than releases 6.2.3.15, 6.3.0.5, and 6.4.0.6.
- Cisco FTD Software releases earlier than releases 6.2.3.15, 6.3.0.5, and 6.4.0.6.
- Cisco Adaptive Security Appliance (ASA) Software releases earlier than releases 9.10.1.37, 9.12.3, and 9.13.1.2
- Cisco Firepower Threat Defense (FTD) Software releases earlier than Release 6.6.0, if the software is running on a Cisco Firepower 2100 Series Security Appliance.
- Cisco Firepower Management Center (FMC) releases earlier than Release 6.2.2.3.
- Cisco FMC Software releases earlier than Release 6.5.0 if they had a Firepower User Agent Software release earlier than Release 2.5.0 enabled.
- Cisco FMC Software releases earlier than Release 6.2.2.2.
- Cisco FMC Software releases earlier than Release 6.3.0.
- Cisco FDM On-Box software releases earlier than Release 6.2.3.
- Cisco ASA Software or Cisco FTD Software.
- Cisco Firepower 1000 Series appliances if they are running a vulnerable release of Cisco FTD Software and have a feature enabled.
- Cisco FTD Software releases 6.2.3.12, 6.2.3.13, 6.2.3.14, and 6.2.3.15 if VPN System Logging is configured.
- Cisco FTD Software releases 6.3.0 and 6.4.0.
- Cisco Umbrella.
- IMC Supervisor releases 1.1.0.0 and later, earlier than Release 2.2.1.3
- UCS Director releases 5.4.0.0 and later, earlier than Release 6.7.4.0
- UCS Director Express for Big Data releases 2.0.0.0 and later, earlier than Release 3.7.4.0
- Cisco FTD Software releases 6.4.0 through 6.4.0.8 with an SSL/TLS policy with URL category configured.
- Cisco SMA Software releases earlier than Release 13.6.
- Cisco FTD Software releases earlier than Release 6.2.2.1.
- Cisco HCM-F Software releases earlier than Release 12.5(1)SU2.
Threats:
- Denial of service attack (DoS)
- Cross-site request forgery (CSRF)
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to apply the necessary updates according to the link below:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hcmf-xxe-qqCMAUJ2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sigbypass-FcvPPCeP
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-opn-rdrct-yPPMdsMQ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-bypass-O5tGum2n
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-Ar6BAguz
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-head-inject-n4QArJH
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xpftd-gYDXyN8H
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-2-sS2h7aWe
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-Rdpe34sd8
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-BqYFRJt9
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-P43GCE5j
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-qk8cTGLz
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdmfo-HvPWKxDe
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-webredirect-TcFgd42y
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcai-z5dQObVN
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcua-statcred-weeCcZct
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcxss-UT3bMx9k
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2100-arp-dos-kLdCK8ks
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-accesslist-bypass-5dZs5qZp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-infodis-kZxGtUJD
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-shell-9rhJF68K
Rate the content
Share the page
