Cisco Patches 27 Vulnerabilities in Network Security Products


On Wednesday, Cisco released software upgrades for its Firepower Management Center (FMC), Firepower Threat Defense (FTD), and Adaptive Security Appliance (ASA) products. These updates resolve a combined total of 27 vulnerabilities. The IT business released 22 security advisories detailing weaknesses of critical, high, and medium severity in its three network security products as part of its semiannual packed publishing.

CVE-2023-20048 (CVSS score of 9.9), a command injection bug in FMC caused by “insufficient authorization of configuration commands that are sent through the web service interface” of the impacted product, is the most serious of these problems.x000D According to Cisco, a logged-in attacker might use specially crafted HTTP queries to take advantage of the flaw and issue configuration commands to a targeted FTD device.

Read More…