As BSI experiences, the IT safety alert, which offers with vulnerabilities in Cisco ASA (Adaptive Security Appliance) and Cisco Firepower, has acquired an replace. You can learn the outline of the safety hole together with the newest updates and details about the affected functions and CISCO merchandise.
Federal Office for Security in Information Technology (BSI) revealed an replace on May 22, 2024 relating to a safety vulnerability in Cisco ASA (Adaptive Security Appliance) and Cisco Firepower recognized on April 27, 2022. The safety vulnerability impacts the working system of -CISCO Appliance and Cisco ASA (Adaptive Security Appliance) and Cisco Firepower merchandise.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Cisco Security Advisory cisco-sa-asaftd-dos-nJVAwOeq (From 22 May 2024). Some helpful sources are listed later on this article.
Security Advisory for Cisco ASA (Automated Security Appliance) and Cisco Firepower – Risk: High
Risk stage: 5 (excessive)
CVSS Base Score: 8.8
CVSS provisional rating: 7,9
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop techniques. The CVSS customary makes it attainable to match potential or precise safety dangers primarily based on numerous standards with a purpose to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For momentary impact, body circumstances which will change over time are thought of within the take a look at. According to CVSS, the severity of the present vulnerability is rated as “excessive” with a base rating of 8.8.
Cisco ASA (Adaptive Security Appliance) and Cisco Firepower Bug: Multiple vulnerabilities allow denial of service
The Cisco ASA Appliance supplies utility software program safety capabilities, similar to a firewall or VPN Firewall platform from Cisco
A distant, unknown, or licensed attacker can exploit a number of vulnerabilities in Cisco ASA (Adaptive Security Appliance) and Cisco Firepower to carry out denial of service assaults, expose delicate data, and escalate privileges.
Vulnerabilities are recognized by distinctive CVE (Common Vulnerabilities and Exposures) product numbers. CVE-2022-20715, CVE-2022-20745, CVE-2022-20760, CVE-2022-20742 and CVE-2022-20759 on the market.
Systems affected by the safety hole at a look
working system
CISCO Appliance
Products
Cisco ASA (Adaptive Security Appliance) (cpe:/h:cisco:adaptive_security_appliance)
Cisco Firepower Threat Defense (cpe:/a:cisco:firepower)
General suggestions for coping with IT vulnerabilities
- Users of affected techniques ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This usually incorporates further details about the newest model of the software program in query and the supply of safety patches or efficiency ideas.
- If you may have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to recurrently test the desired sources to see if a brand new safety replace is out there.
Sources for updates, patches and workarounds
Here you can see some hyperlinks with details about bug experiences, safety fixes and workarounds.
Cisco Security Advisory cisco-sa-asaftd-dos-nJVAwOeq vom 2024-05-22 (22.05.2024)
For extra data, see:
to TheWild CVE-2022-20759 dated 2022-05-13 (15.05.2022)
For extra data, see:
Cisco Security Advisory vom 2022-04-27 (27.04.2022)
For extra data, see:
Cisco Security Advisory vom 2022-04-27 (27.04.2022)
For extra data, see:
Cisco Security Advisory vom 2022-04-27 (27.04.2022)
For extra data, see:
Cisco Security Advisory vom 2022-04-27 (27.04.2022)
For extra data, see:
Cisco Security Advisory vom 2022-04-27 (27.04.2022)
For extra data, see:
Version historical past of this safety alert
This is the third model of this IT safety bulletin for Cisco ASA (Adaptive Security Appliance) and Cisco Firepower. If additional updates are introduced, this doc can be up to date. You can examine adjustments or additions on this model historical past.
April 27, 2022 – First model
05/15/2022 – PoC for CVE-2022-20759 added
May 22, 2024 – New updates from Cisco added
+++ Editorial word: This doc is predicated on present BSI knowledge and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you can see sizzling information, present movies and a direct line to the editorial group.
kns/roj/information.de