cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
882
Views
0
Helpful
2
Replies

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability

cciesec2011
Level 3
Level 3

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce?emailclick=CNSemail

 

It stated:  A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device

 

In my environment, we only have admin users with read/write access.  No one has read only access.  Does it mean this security vulnerability does not not apply in my environment?

 

TIA

2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

Even though a user is an authenticated administrator, the issue is that any LUA code should not be allowed to affect the underlying Linux. There is also the use case of compromised credentials. So you still have the vulnerability.

Whether or not is a significant concern to you depends on your security posture and possibly external requirements (such as compliance, auditors, legal etc.).


@Marvin Rhoads wrote:

Even though a user is an authenticated administrator, the issue is that any LUA code should not be allowed to affect the underlying Linux. There is also the use case of compromised credentials. So you still have the vulnerability.

Whether or not is a significant concern to you depends on your security posture and possibly external requirements (such as compliance, auditors, legal etc.).

 

Well, I opened a TAC case with Cisco and TAC responded to me, in writing, that I am not vulnerable in my environment.  This vulnerability only exists when you have environment with both read-only and read/write users.  In an environment where you only have read/write admin users, it does not apply.


 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: