Cisco fixed 18 vulnerabilities in 10 security advisories in its Cisco ASA Software, Cisco FMC Software, and Cisco FTD Software.
Cisco released software updates that address these vulnerabilities. All of the vulnerabilities have a Security Impact Rating (SIR) of High.
Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access, gain elevated privileges, execute arbitrary commands, or cause a denial of service (DoS) condition on an affected device.
Four of the vulnerabilities affect Cisco ASA Software and Cisco FTD Software, 12 of the vulnerabilities affect Cisco FMC Software, one of the vulnerabilities affects Cisco ASA Software, and one of the vulnerabilities affects Cisco FTD Software.
In one of the vulnerabilities, there is a hole in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to insufficient validation of FTP data. An attacker could exploit this vulnerability by sending malicious FTP traffic through an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
This vulnerability affects Cisco products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software that is configured to perform FTP inspection.
FTP inspection is enabled by default in Cisco FTD Software.
Click here to view the advisory.
Click here for a complete list of all of the advisories and links to them.