New Delhi, April 27 (IANS) The Indian Computer Emergency Response Team (CERT-In) which comes under the Ministry of Electronics & Information Technology, has issued an advisory over three serious vulnerabilities in networking giant Cisco products that could allow hackers to gain access, infiltrate into computer systems and steal data.
The vulnerabilities reported in Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software could allow attackers to execute arbitrary commands and code on the underlying operating system with root-level privileges, device to reload unexpectedly, resulting in a denial of service (DoS), CERT-In said in its latest advisory.
The ‘Command Injection Vulnerability’ exists in the reported software due to the contents of a backup file being improperly sanitised at restore time.
“An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device,” the cyber agency said.
Another ‘Denial of Service Vulnerability’ exists due to incomplete error checking when parsing an HTTP header.
Attackers could use this vulnerability by “sending a crafted HTTP request to a targeted web server on a device” and the successful exploitation could allow them to cause a “DoS condition when the device reloads”.
The third, ‘Code Execution Vulnerability’ exists due to improper validation of a file when it is read from system flash memory.
According to the cyber agency, an attacker could exploit this vulnerability by copying a “crafted file to the disk0: file system of an affected device”.
In addition, CERT-In advised people to apply appropriate updates as released by Cisco.
–IANS
shs/svn
Disclaimer
The information contained in this website is for general information purposes only. The information is provided by TodayIndia.news and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
Through this website you are able to link to other websites which are not under the control of TodayIndia.news We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, TodayIndia.news takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
For any legal details or query please visit original source link given with news or click on Go to Source.
Our translation service aims to offer the most accurate translation possible and we rarely experience any issues with news post. However, as the translation is carried out by third part tool there is a possibility for error to cause the occasional inaccuracy. We therefore require you to accept this disclaimer before confirming any translation news with us.
If you are not willing to accept this disclaimer then we recommend reading news post in its original language.
