Cisco fixes critical issue in Cisco Firepower Management Center

Cisco addressed a critical issue in the Cisco Firepower Management Center (FMC) that could allow a remote attacker to bypass authentication and execute arbitrary actions.

Cisco fixed a critical vulnerability in the Cisco Firepower Management Center that could allow a remote attacker to gain administrative access to the web-based management interface of the vulnerable devices and execute arbitrary actions. The vulnerability tracked as CVE-2019-16028 received a CVSS score of 9.8. 

“A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device.” reads the security advisory published by Cisco.

“The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.”

The issue, Cisco stems from the improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external server. The issue could be triggered by sending crafted HTTP requests to a vulnerable device and gain administrative access to the web-based management interface.

Cisco warns that only Cisco Firepower Management Center configured to authenticate users of the web-based management interface through an external LDAP server are affected. 

“To determine whether external authentication using an LDAP server is configured on the device, administrators can navigate to System > Users > External Authentication and look for an External Authentication Object that uses LDAP as the authentication method. The External Authentication Object must be enabled for the FMC to be affected.” continues the advisory.

Cisco released FMC Software versions 6.4.0.7 and 6.5.0.2 to address the flaw, it also announced the release of patches for versions 6.2.3 (6.2.3.16) and 6.3.0 (6.3.0.6) in February and May 2020, respectively. 

The company confirmed that there are no workarounds that address this vulnerability, it also confirmed that this issue does not affect Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software.

Cisco is not aware of any attack in the wild exploiting the flaw.

Pierluigi Paganini

(SecurityAffairs –
Iran, hacking)

Share On