.png?2.1.1 "Vokash")
.png "Trending")
3 weeks ago
ZDNET's cardinal takeaways
- Cisco's Secure Firewall Management Center information spread is arsenic bad arsenic they get.
- There is nary mitigation and nary workaround. Patch immediately.
- So far, nary confirmed progressive exploits person been confirmed.
Get much in-depth ZDNET tech coverage: Add america arsenic a preferred Google source on Chrome and Chromium browsers.
Do you usage Cisco's Secure Firewall Management Center (FMC) software? If your institution operates a superior web using Cisco products -- and pinch Cisco's 76%+ marketplace stock of high-end networking, chances are that you do -- you must spot it. Not complete nan weekend. Not Monday. Right now.
Also: Microsoft patches much than 100 Windows information flaws - update your PC now
Cisco has conscionable patched a critical bid injection vulnerability (CVE-2025-20265) successful FMC. How captious is critical? Let's put it this way: It has a Common Vulnerability Scoring System (CVSS) people of 10.0, which is nan highest imaginable consequence standing successful vulnerability scoring. Specifically, nan flaw affects FMC versions 7.0.7 and 7.7.0 that person been configured for RADIUS authentication connected nan web-based aliases SSH guidance interface.
RADIUS is nan de facto modular for web authentication. It's nan astir communal implementation utilized to alteration 802.1X access power management. In different words, if you usage FMC, it's almost a certainty you're utilizing RADIUS, which intends you're vulnerable.
The problem is that because nan package didn't sanitize personification input successful nan RADIUS authentication phase, attackers tin nonstop crafted credentials that will beryllium executed arsenic high-privileged ammunition commands. If abused correctly, this tin assistance anyone afloat power complete nan firewall guidance center.
Also: This infamous group hunt tract is backmost aft leaking 3 cardinal records - really to region your information from it ASAP
Adding reproach to injury, attackers tin utilization nan flaw without immoderate anterior strategy entree aliases valid credentials. I repeat: without immoderate anterior strategy entree aliases valid credentials.
This is simply a information nightmare. Once a hacker has complete power complete firewall management, they tin do beautiful overmuch thing they want to some nan firewall and nan remainder of your network.
The 1 spot of bully news is that Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software are not affected.
Oh, and by nan way, Cisco states, "There are nary workarounds that reside this vulnerability." You must spot nan program. Now.
Cisco reports that location person been nary confirmed progressive exploits successful nan chaotic truthful far. Give it time. The accusation successful nan information study is much than capable for a clever hacker to fig retired really to utilization this information hole.
So, erstwhile much and pinch feeling, spot it. Patch it now.
Also: Don't autumn for AI-powered disinformation attacks online - here's really to enactment sharp
Cisco customers pinch work contracts that entitle them to regular package updates should get information fixes done their accustomed update channels. However, fixed really heavy this spread goes, Cisco is besides offering nan spot for free. In either case, return nan pursuing steps:
Go to nan charismatic Cisco Security Advisory for CVE-2025-20265.
Log successful pinch your Cisco relationship linked to your organization's support contract.
Use nan Cisco Software Checker instrumentality aliases cheque nan Download conception of nan advisory to place nan circumstantial fixed merchandise for your appliance/version.
Download and instal nan FMC package update for your deployment -- patched versions for 7.0.7 and 7.7.0 are provided.
You cognize what to do now. Get connected pinch it.
English (US) · 
Indonesian (ID) ·