Vulnerability

Cisco Firepower Device Manager Software Flaw Let Attackers Execute Remote Code

A vulnerability tracked as (CVE-2021-1518) rated medium severity, found in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software, might allow an attacker to execute arbitrary code on the underlying operating system of an affected device.

The flaw has a CVSS score of 6.3, reported by security researchers of Positive Technologies, Nikita Abramov, and Mikhail Klyuchnikov.

To exploit this vulnerability, an attacker sends a crafted HTTP request to the API subsystem of an affected device. The flaw could be exploited by an attacker having valid user credentials.

According to the report, “This vulnerability is due to insufficient sanitization of user input on specific REST API commands. An attacker could exploit this vulnerability by sending a crafted HTTP request to the API subsystem of an affected device.”

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

The report says this vulnerability affected Cisco FDM On-Box Software. Cisco mentions it’s not aware of the vulnerability being exploited in the wild.

Fixes for the Vulnerability

Cisco software releases and the fixes for the vulnerability:

Cisco advised its customers to frequently consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.

Furthermore, customers should make sure the devices that are upgraded, include sufficient memory and verify that current hardware and software configurations will continue to be supported properly by the new release.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Navigating Cybersecurity Frameworks – CISO Resource Guide

The role of the Chief Information Security Officer (CISO) has never been more critical. As…

23 minutes ago

How Digital Forensics Supports Incident Response: Insights For Security Leaders

Digital forensics and incident response (DFIR) have become fundamental pillars of modern cybersecurity. As cyber…

53 minutes ago

Identity and Access Management (IAM) – The CISO’s Core Focus in Modern Cybersecurity

In an era where digital identities have become the primary attack vector, CISOs face unprecedented…

54 minutes ago

MDR vs. Traditional Security Operations: What’s Right For Your Penetration Testing Team?

In the ever-changing world of cybersecurity, organizations are constantly challenged to choose the right security…

1 hour ago

Building Trust Through Transparency – CISO Cybersecurity Practices

In an era of digital transformation and rising cyber threats, Building Trust Through Transparency has…

3 hours ago

DragonForce and Anubis Ransomware Operators Unveils New Affiliate Models

Despite significant disruptions by international law enforcement operations targeting major ransomware schemes, cybercriminal groups continue…

21 hours ago