BSI has revealed the present IT safety discover for Cisco Firepower. Several dangers have been recognized. You can discover out extra in regards to the affected functions and merchandise and the CVE numbers right here at information.de.
Federal workplace for Security in Information Technology (BSI) issued a safety advisory for Cisco Firepower on May 22, 2024. The software program accommodates a number of vulnerabilities that make it attainable to assault. The safety vulnerability impacts the CISCO Appliance working system and the Cisco Firepower product.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: Cisco Security Advisory (From 22 May 2024). Some helpful hyperlinks are listed later on this article.
Multiple vulnerabilities have been reported for Cisco Firepower – Risk: High
Risk degree: 5 (excessive)
CVSS Base Score: 8.8
CVSS provisional rating: 7,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc programs. The CVSS commonplace makes it attainable to match potential or precise safety dangers based mostly on varied standards to create a precedence checklist for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For momentary impact, body situations which will change over time are thought of within the take a look at. According to CVSS, the danger of the present vulnerability is assessed as “excessive” with a base worth of 8.8.
Cisco Firepower Bug: Defects and CVE numbers
Firepower is a firewall platform from Cisco
A distant attacker can exploit a number of vulnerabilities in Cisco Firepower to raise their privileges, execute malicious code, leak delicate info, or bypass safety measures.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) ID numbers. CVE-2024-20360, CVE-2024-20261 and CVE-2024-20361 on the market.
Systems affected by the safety hole at a look
working system
CISCO Appliance
Products
Cisco Firepower Management Center Software (cpe:/a:cisco:firepower)
Cisco Firepower Threat Defense Software (cpe:/a:cisco:firepower)
General suggestions for addressing IT safety gaps
- Users of affected programs ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This usually accommodates extra details about the newest model of the software program in query and the provision of safety patches or efficiency ideas.
- If you will have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to frequently verify the desired sources to see if a brand new safety replace is offered.
Manufacturer details about updates, patches and workarounds
Here you’ll discover some hyperlinks with details about bug experiences, safety fixes and workarounds.
Cisco Security Advisories vom 2024-05-22 (22.05.2024)
For extra info, see:
Cisco Security Advisories vom 2024-05-22 (22.05.2024)
For extra info, see:
Cisco Security Advisories vom 2024-05-22 (22.05.2024)
For extra info, see:
Version historical past of this safety alert
This is the primary model of this Cisco Firepower IT Security Notice. This doc might be up to date as updates are introduced. You can see the modifications made utilizing the model historical past under.
May 22, 2024 – First model
+++ Editorial word: This doc is predicated on present BSI information and might be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll discover sizzling information, present movies and a direct line to the editorial crew.
kns/roj/information.de