Cisco Updates
2068Warning Date
Severity Level
Warning Number
Target Sector
29 April, 2021
● High
2021-2846
All
Description:
Cisco has released security updates to address multiple vulnerabilities in the following products:
- Cisco products if they are running a vulnerable release of Cisco ASA Software or FTD Software and have a vulnerable AnyConnect VPN or WebVPN configuration
- 3000 Series Industrial Security Appliances (ISAs)
- ASA 5512-X Adaptive Security Appliance
- ASA 5515-X Adaptive Security Appliance
- ASA 5525-X Adaptive Security Appliance
- ASA 5545-X Adaptive Security Appliance
- ASA 5555-X Adaptive Security Appliance
- Firepower 1000 Series
- Firepower 2100 Series
- Firepower Threat Defense Virtual (FTDv)
- Firepower 4100 Series appliances
- Firepower 9300 Series appliances
- 1000 Series Integrated Services Routers (ISRs)
- 3000 Series Industrial Security Appliances (ISAs)
- 4000 Series Integrated Services Routers (ISRs)
- Catalyst 8000V Edge Software
- Catalyst 8200 Series Edge Platforms
- Catalyst 8300 Series Edge Platforms
- Catalyst 8500L Series Edge Platforms
- Cloud Services Router 1000V Series
- Firepower Threat Defense (FTD) Software
- Integrated Services Virtual Router (ISRv)
- Open Source Snort 2
- Cisco FTD Software releases 6.4.0 and later.
- FMC Software :
- 6.4.0.11 and earlier
- Earlier than 6.6.3
- Earlier than 6.7.0.2
- Cisco FDM On-Box Software releases earlier than 6.5.0.5, 6.6.3, and 6.7.0.
- ASA Software releases 9.13 through the first fixed release
- FTD Software releases 6.5 through the first fixed release
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service (DoS)
- Cross-site scripting (XSS)
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review Cisco security advisory and apply the necessary updates:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-memc-dos-fncTyYKG
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinj-vWY5wqZT
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vpn-dos-fpBcpEcD
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-sipdos-GGwmMerC
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yT8LNSeA
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-iac-pZDMQ4wC
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-xxe-zR7sxPfs
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-dos-nFES8xTN
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-cmd-inj-SELprvG
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-cmdinj-TKyQfDcU