Critical Vulnerability in Cisco Product (CVE-2019-16028)

Background

Cisco has released a security update to address a critical vulnerability (CVE-2019-16028). This vulnerability exists in the web-based management interface of Cisco Firepower Management Center (FMC) and is due to the improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. Attackers can exploit this vulnerability by sending specially crafted HTTP requests to an affected device.

Affected Products

Cisco FMC Software that is configured to authenticate users of web-based management interface through an external LDAP server.

Impact

Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the web-based management interface of the affected device and execute arbitrary actions on the affected device.

Recommendations

System administrators (SA) of affected products are advised to install the latest security updates immediately. SA of software releases 6.0.1 and earlier, are advised to migrate to a supported release that includes a fix for this vulnerability. SA running software releases 6.2.0, 6.2.1 or 6.2.2, are advised to migrate either to a release that integrates the fix or to a release for which a hotfix patch is available. More details on the security alert can be found at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth#vp

References

https://tools.cisco.com/security/center/publicationListing.x