Grave Authentication Vulnerability In Cisco Firewall Management Tool

Posted on by

USG spyware vendor Cisco has announced a vulnerability affecting their "Firepower Management Center" allowing unauthenticated control via specially crafted http requests (archived). No workaround to mitigate the vulnerability is being offered, only mandatory patches. Cisco claims no knowledge of the flaw being exploited in the wild despite it having the appearance of a bespoke USG NOBUS hole.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>