Ilkin Gasimov

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) Description: A vulnerability in the Cisco FXOS CLI feature could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need valid administrative credentials on the device to exploit this vulnerability. This issue exists due to insecure storage and permissions of certain system configurations and executable files. An attacker could exploit this vulnerability by authenticating on the device, downloading malicious system files, and accessing the Cisco FXOS CLI to configure the attack. A successful exploit could allow the attacker to obtain root access on the device. Recommendations: For Cisco Adaptive Security Appliance (ASA) Software, consider restricting access to the Cisco FXOS CLI feature until a patch is available. For Cisco Firepower Threat Defense (FTD) Software, consider disabling the execution of malicious system files and limiting administrative privileges to minimize the risk of exploitation. As a temporary workaround, consider implementing additional access controls and monitoring for suspicious activity on the device.

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) Description: A vulnerability in the TLS cryptography functionality could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This issue is due to improper data validation during the TLS 1.3 handshake. An attacker could exploit this by sending a crafted TLS 1.3 packet to an affected system through a TLS 1.3-enabled listening socket, such as "/api/v1/login" or "/users/{id}", using vulnerable parameters like `username` or `password`. The vulnerability can also impact the integrity of a device by causing VPN HostScan communication failures or file transfer failures when Cisco ASA Software is upgraded using Cisco Adaptive Security Device Manager (ASDM). Recommendations: For Cisco Adaptive Security Appliance (ASA) Software, consider disabling the TLS 1.3 handshake functionality until a patch is available. For Cisco Firepower Threat Defense (FTD) Software, restrict access to the TLS 1.3-enabled listening socket to minimize the risk of exploitation. As a temporary workaround, consider disabling the `checkPassword()` function or similar vulnerable functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software (affected versions not specified) Description: A vulnerability exists in the implementation of access control rules for loopback interfaces. This issue could allow an unauthenticated, remote attacker to send traffic that should have been blocked to a loopback interface. The vulnerability is due to improper enforcement of access control rules for loopback interfaces, potentially allowing an attacker to bypass configured access control rules. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco FXOS Software (affected versions not specified) **Description** A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** The issue is related to insufficient validation of command arguments in the Command Line Interface (CLI) of Cisco Firepower Threat Defense (FTD) Software. This could allow an authenticated, local attacker to execute arbitrary commands with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) Description: The issue is related to insufficient input validation of commands supplied by the user in the CLI of the affected software. This could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root privileges. The attacker must have valid administrator-level credentials to exploit this issue. Recommendations: To resolve the issue, update the software to a version that includes the fix for this problem. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. A successful exploit could cause system instability if important system files are overwritten. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input, such as `file path`, allowing the attacker to overwrite arbitrary files on the file system of the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco products (affected versions not specified) Description: The issue is related to a vulnerability in the Snort detection engine, which could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. This is due to incorrect handling of an HTTP range header. An attacker could exploit this by sending crafted HTTP packets through an affected device, potentially allowing them to bypass the configured file policy for HTTP packets and deliver a malicious payload. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** The issue is related to a buffer underrun in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software. This could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device by sending a crafted SSL/TLS message. The vulnerability is due to a communication error between internal functions, which can cause the affected device to crash and reload. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.