Cisco announced that it has
fixed a vulnerability in Cisco Firepower Device Manager (FDM)
On-Box discovered by Positive Technologies experts Nikita Abramov and Mikhail
Klyuchnikov. This device manager is designed to locally configure Cisco
Firepower NGFW firewalls. According to Forrester Research, Cisco is a
recognized leader in the corporate firewall market.

Vulnerability CVE-2021-1518 received a CVSS 3.1 score of 6.3. The flaw was
discovered in the REST API of Cisco FDM On-Box software and
allowed an authenticated remote attacker to execute arbitrary code in the
operating system of an affected device.

Positive Technologies researcher Nikita Abramov explains: "To exploit this vulnerability, all
attackers need to do is to obtain credentials of a user with low privileges and
send a specially crafted HTTP request. From a technical standpoint, the
vulnerability is caused by insufficient user input validation for some REST API
commands."

Cisco FDM On-Box versions
6.3.0, 6.4.0, 6.5.0, 6.6.0, and 6.7.0 are all affected by the vulnerability.
Cisco has released software updates fixing the vulnerability: 6.4.0.12, 6.4.4,
and 6.7.0.2.

NTA/NDR solutions for deep traffic analysis, in particular PT Network Attack
Discovery, can help detect attempts to exploit vulnerabilities in Cisco
firewalls. One way to detect signs of penetration is to use SIEM solutions such
as MaxPatrol SIEM, which help identify suspicious behavior, register an
incident, and prevent intruders from moving laterally within the corporate
network.