
Fixes issued for high-severity Cisco security product flaws

Cisco has addressed 19 security vulnerabilities in its security products, including Cisco Adaptive Security Appliance, Firepower Management Center, and Firepower Threat Defense (FTD), with 11 of the fixed bugs rated high severity, SecurityWeek reports. FTD was found to have the most severe flaw, tracked as CVE-2022-20746, which could be abused to cause a denial-of-service (DoS) condition. "An attacker could exploit this vulnerability by sending a crafted stream of TCP traffic through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition," said Cisco. Also addressed is a remotely exploitable bug that could be used to evade security protections. "An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with root privileges," Cisco noted, adding that the addressed flaws have not yet been exploited in the wild.
