CISCO FMC Vulnerability
CVE-2025-20265 (CVSS 10.0)
- Description: Remote code execution (RCE) vulnerability in the RADIUS authentication subsystem of FMC. Exploitable remotely and unauthenticated if RADIUS is enabled for web or SSH management.
- Impact: Allows injection and execution of arbitrary shell commands at a high privilege level.
- Affected Versions: FMC Software 7.0.7 and 7.7.0 with RADIUS authentication enabled.
- Mitigation: No workaround except patching; Cisco has issued security updates.
- Details: Caused by improper user input handling during authentication. Discovered internally by Cisco.
- Other FMC Vulnerabilities (August 2025):
  - HTML injection flaw in the web-based management interface (details available in Cisco advisories).
Cisco FTD Vulnerabilities
CVE-2025-20217 (CVSS 8.6)
- Description: Denial of service (DoS) via the Snort 3 Detection Engine in FTD. Allows unauthenticated, remote attackers to send crafted traffic causing the inspection process to enter an infinite loop.
- Impact: System may become unresponsive, requiring a restart.
- Affected: FTD with Snort 3 enabled and intrusion policy active.
- Mitigation: Patching is required; no workaround.
CVE-2025-20243
- Description: DoS via improper input validation for management/VPN web interfaces on ASA and FTD appliances (unauthenticated remote attack via crafted HTTP requests).
- Impact: Resource exhaustion and forced reload of device.
- Mitigation: Ensure VPN web services are minimized if not needed and patch appropriately.
CVE-2025-20237 & CVE-2025-20238 (ASA/FTD Command Injection)
- Description: Local, authenticated attackers with admin credentials can execute commands with root privileges due to improper input validation.
- Impact: Full compromise of system confidentiality and integrity is possible; exploitation requires existing admin access.
- Mitigation: Patch as per Cisco’s recommendations.
Recommendations for Security Teams
- Immediate patching is critical, especially for CVE-2025-20265 and CVE-2025-20217, as both pose remote, unauthenticated risks.
- Review authentication configurations: If RADIUS is not required, consider disabling it as an immediate mitigation step for FMC.
- Validate intrusion policy and Snort engine status on all FTD deployments, and ensure Snort 3 is fully patched.
- Audit access privileges: Restrict admin access, and monitor logs for exploit attempts targeting these vulnerabilities.
These vulnerabilities are among the most severe ever reported for the Cisco Secure Firewall suite, with significant exploitation risk for enterprise environments. Regularly monitor Cisco's security advisories for future updates and mitigation steps.