Overview
Cisco has released security patches to remediate a significant security flaw, along with seven highly critical, seven high-severity and fourteen medium-severity vulnerabilities in their products, including Firepower Management Center (FMC), Adaptive Security Appliance (ASA), and Firepower Threat Defense (FTD).
The critical vulnerability relates to the web services interface within the software of their Firepower Management Center. This flaw has the potential to permit unauthorised configuration commands to be executed on a Firepower Threat Defense device under the management of the FMC Software, provided the attacker is authenticated and remote.
Apache has released a security update aimed at mitigating a remote code execution (RCE) vulnerability with the identifier CVE-2023-46604. This significant vulnerability, designated as ‘Critical’, possesses a CVSSv3 base score of 10. It potentially grants a remote attacker, with network access to a broker, the ability to execute arbitrary shell commands.
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Cisco – Security Center
Apache – Security Advisories
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.