Cisco ASA Firewall Critical Vulnerability

In the last couple of months we have seen attacks on all of the major cyber security infrastructure products.  Juniper.  Cisco. Fortinet.

Is this because something magic happened and opened the vulnerabilities flood gates?  Unlikely.

Is this because the hackers and/or intelligence community opened their kimonos and started sharing their zero-day vulnerabilities with us?  Also unlikely.

What is likely is that these vulnerabilities have always been there and for some reason the security research community is looking harder after the first domino fell.

What we don’t know – and likely never will know – is who knew about these bugs when and who was using them to attack us when.  We know, for example, that the Juniper vulnerability was around since 2012 – over three years ago.  In that time, who knew about it and who used it?  Good guys?  Bad guys?  Unclear.  Uncomfortable for sure.

Sorry for the long preamble, but the setup is important.  This week Cisco revealed another vulnerability in their flagship security product, the ASA or Adaptive Security Appliance.  It comes in several models, and the same software even runs in some of their switches and firewalls.

It was revealed that merely sending the device a specially crafted packet lets an attacker execute arbitrary code on the ASA, take full control of the system, or force it to reload.

Let that sink in for a minute.  Think of the ASA as the guards on the wall of the castle.  These guards didn’t just get overwhelmed;  they went over to the other side.

If someone was aware of this attack – as the entire hacker world is now – one packet and I own your entire network.

Cisco rates this vulnerability as a TEN on a 1-10 scale.  If they could make it an ELEVEN, they likely would.

The Internet Storm Center at SANS has reported seeing “a large increase” in probes looking for this vulnerability.

If you are running the ASA software in your company – and it is very popular – and have not patched it yet, you need to do that as soon as you possibly can, because the hackers now know the secret and are out there looking for systems that have not been patched.


Information for this post came from Cisco and Network World.