Cisco: Patch this critical firewall bug in Firepower Management Center

Customers on old versions of Firepower Management Center will need to upgrade and then patch.
Written by Liam Tung, Contributing Writer

Cisco is urging customers to update its Firepower Management Center software, after users informed it of a critical bug that attackers could exploit over the internet. 

Like many Cisco bugs, the flaw was found in the web-based management interface of its software. The bug has a severity rating of 9.8 out of a possible 10, which means admins should patch sooner rather than later.

The vulnerability is caused by a glitch in the way Cisco's software handles Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. Remote attackers could exploit the flaw by sending specially crafted HTTP requests to the device. 

Devices are vulnerable if they've been configured to authenticate users of the web interface through an external LDAP server. The networking company recommends that admins go to System > Users > External Authentication to see whether it's been configured for external LDAP authentication. 

How customers should remediate the issue will depend on which release of Firepower Management Center (FMC) they're running. There is no workaround, but hotfix patches are available for several new releases of FMC, and maintenance releases that address the flaw are scheduled for later this year.  

"Customers may install a fix either by upgrading to a fixed release or by installing a hotfix patch," Cisco notes. 

Cisco recommends that customers on FMC earlier than 6.1.0 – which is no longer supported – migrate to a supported version. However, there is a hotfix available. 

Customers on 6.2.0, 6.2.1, and 6.2.2 should migrate to a newer version, such as FMC release 6.2.3, which has a patch available now and will get a maintenance release in February. Release 6.3.0 also has a patch available now, and a maintenance release for it is scheduled for May 2020.

Customers on FMC release 6.4.0 need to apply patches or upgrade to release, while customers on FMC 6.5.0 need to upgrade to        

Cisco is recommending that customers on releases earlier than 6.1.0 move to 6.2.3 and apply the patches. Those on 6.1.0 should apply the hotfix or move to 6.2.3 and then apply the hotfix. 

It also notes that this critical bug doesn't affect Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense Software.

Cisco also disclosed seven high-severity flaws and 19 medium-severity security issues.

This FMC critical flaw follows updates made available earlier this month for three critical flaws affecting Cisco's Data Center Network Manager (DCNM) software.

The researcher who reported the flaw has released proof-of-concept exploit code, but Cisco says it is not aware of any malicious use of the flaws. 
