Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Cisco Product (CVE-2019-16028)
Alerts

Critical Vulnerability in Cisco Product (CVE-2019-16028)

29 January 2020

Background

Cisco has released a security update to address a critical vulnerability (CVE-2019-16028). This vulnerability exists in the web-based management interface of Cisco Firepower Management Center (FMC) and is due to the improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. Attackers can exploit this vulnerability by sending specially crafted HTTP requests to an affected device.

Affected Products

Cisco FMC Software that is configured to authenticate users of web-based management interface through an external LDAP server.

Impact

Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the web-based management interface of the affected device and execute arbitrary actions on the affected device.

Recommendations

System administrators (SA) of affected products are advised to install the latest security updates immediately. SA of software releases 6.0.1 and earlier, are advised to migrate to a supported release that includes a fix for this vulnerability. SA running software releases 6.2.0, 6.2.1 or 6.2.2, are advised to migrate either to a release that integrates the fix or to a release for which a hotfix patch is available. More details on the security alert can be found at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth#vp

References

https://tools.cisco.com/security/center/publicationListing.x

Back to top