Cisco Firepower Threat Defense software was recently patched up for several vulnerabilities which included high-severity security flaws like DoS attacks and arbitrary code execution

Firepower Threat Defense Vulnerabilities:

The Firepower Threat Defense vulnerability tracked as CVE-2021-1448, has been identified as a command injection flaw and scored a severity rating of 7.8 on the CVSS score.

It is, however, mitigated by the certitude that exploitation would require authentication and local access.

An attacker able to abuse it, however, may execute arbitrary commands as root on the underlying OS.

The flaw is apparently a result of user-supplied command arguments lacking validation and impacts Firepower 4100 and Firepower 9300 appliances.

A different flaw, tracked as CVE-2021-1402, was detected to be a result of similar insufficient validation impacting the software-based SSL/TLS message handler of FTD and could be exploited to cause a DoS cyberattack. 

This security flaw has a critical severity rating of 8.6 on the CVSS score.

Remote, unauthenticated attackers could abuse this security hole by sending a “crafted SSL/TLS message through an affected device.” However, messages that are sent to the affected device won’t trigger the bug, Cisco notes.

Affected devices include 3000 series industrial security appliances (ISAs), ASA 5512-X/ASA 5515-X/ASA 5525-X/ASA 5545-X/ASA 5555-X adaptive security appliances, Firepower 1000/2100 series, and Firepower Threat Defense Virtual (FTDv) products.

Regarding the DoS i.e. denial-of-service bugs, four such security vulnerabilities addressed this week in the Firepower Threat Defense seemingly impacts the Cisco Adaptive Security Appliance (ASA) software and could be abused remotely.

Also read,

Four DoS bugs:

Out of the four DoS bugs, three of them tracked as CVE-2021-1445, CVE-2021-1504, and CVE-2021-1501, have a security rating of 8.6 on the CVSS score and do not require authentication.

The fourth one, CVE-2021-1493, with a CVSS score of 8.5 requires authentication.

Among the patches released with Firepower Threat Defense, Cisco also released multiple medium-severity issues, including four in FTD software, five in Firepower Management Center, one in Firepower Device Manager, and one in the Snort detection engine that affects numerous products.

No exploitation in the wild:

Currently, there are no reported cases of these vulnerabilities being exploited in the wild but have recommended updating and install the security patches as soon as possible.