cisco-sa-20200122-fmc-auth: Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability
First published: Wed Jan 22 2020(Updated: )
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Management Center Software | >=6.4.0<=6.5.0<6.5.0.23=6.3.0<6.3.0.6 (May 2020)>=Earlier than 6.1.0=6.1.0=6.2.0=6.2.1=6.2.2<=6.2.3<6.2.3.16 (February 2020) | 6.5.0.23 6.3.0.6 (May 2020) 6.2.3.16 (February 2020) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-20200122-fmc-auth?
The cisco-sa-20200122-fmc-auth vulnerability is rated as critical due to its potential for unauthorized access and administrative control.
How do I fix cisco-sa-20200122-fmc-auth?
To fix cisco-sa-20200122-fmc-auth, upgrade your Cisco Firepower Management Center software to a version that is not affected by the vulnerability.
Which versions of Cisco FMC are affected by cisco-sa-20200122-fmc-auth?
Affected versions of Cisco FMC include versions prior to 6.4.0, and specific versions like 6.3.0 and 6.2.3.16.
Can exploitation of cisco-sa-20200122-fmc-auth be detected?
Detection of cisco-sa-20200122-fmc-auth exploitation may be challenging due to the unauthorized access and actions occurring without authentication.
What actions can an attacker perform through cisco-sa-20200122-fmc-auth?
An attacker can execute arbitrary actions with administrative privileges on the affected device due to the bypassed authentication.
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/title
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco firepower management center software
- version/cisco firepower management center software/6.4.0
- version/cisco firepower management center software/6.5.0
- version/cisco firepower management center software/6.3.0
- version/cisco firepower management center software/earlier than 6.1.0
- version/cisco firepower management center software/6.1.0
- version/cisco firepower management center software/6.2.0
- version/cisco firepower management center software/6.2.1
- version/cisco firepower management center software/6.2.2
- version/cisco firepower management center software/6.2.3