Cisco patches bugs in security admin center and Webex – Naked Security


Cisco has patched a critical bug that could give attackers unauthorised access to Firepower Management Centre (FMC), the device that controls all of its security products.

Cisco’s FMC is an administrative controller for the company’s network security products, giving administrators access to firewalls, application controllers, intrusion prevention, URL filtering, and malware protection systems. According to the company’s advisory, issued on 22 January, the vulnerability could allow a remote attacker to execute administrative commands on the device after bypassing authentication.

The problem lies in how the FMC handles authentication responses from Lightweight Directory Access Protocol (LDAP) servers. LDAP is a popular protocol that applications use to access directories (known as directory system agents). The directories hold information about users, including their access credentials.

The FMC is only vulnerable if it uses an external LDAP server to authenticate users of its web-based management interface. Cisco advises customers to check these using the product’s administrative interface. Go to the System menu, then Users, and finally External Authentication. Look for an External Authentication Object that is enabled and lists LDAP as its authentication method.