Cisco have issued a new raft of warnings.
Of the 34 CISCO security updates, 8 affect the company’s Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defence Software.
Eight of the high-rated advisories impacting the company’s Cisco ‘Adaptive Security Appliance Software’ and Cisco ‘Firepower Threat Defence Software’, while involve the latter software product.
Critical
Some of the more critical problems are listed here:-
CVE-2020-3187, a vulnerability in the web services interface in both products that could let an unauthenticated, remote attacker to conduct directory traversal attacks & obtain read & delete access to sensitive files.
CVE-2020-3298 and CVE-2020-3298 also affect both products. It is a vulnerability in the Open Shortest Path First implementation that could allow an unauthenticated, remote attacker to cause the reload of an affected device, which results in a denial of service condition.
Media Gateway
Multiple vulnerabilities in the Media Gateway Control Protocol inspection feature in the two products are covered by CVE-2020-3254. The vulnerabilities are due to inefficient memory management. An attacker could exploit these vulnerabilities by sending crafted MGCP packets through an affected device.
An exploit could allow an attacker to cause memory exhaustion resulting in a restart of an affected device, causing a DoS condition for traffic traversing the device.
