Tag Archives: ASA

What Happens When Your Firewall Loses the War and Joins the Other Side?

Cisco released an announcement that a high severity vulnerability affecting many Cisco ASA firewalls and Firepower security appliances has a proof of concept available in the wild.  This means that even amateurs can take that code, modify it a bit and successfully either force your firewall to randomly reboot or to steal credentials from that firewall.

Cisco is “recommending” that customers patch their firewalls.

The attack can be executed remotely – such as from China – and does not require the attacker to have any valid credentials.

The bug affects ASA 5500 and 5500-X firewalls, Firepower 2100, 4100 and 9300 appliances and several other models.

There are no workarounds for this flaw other than to power off your firewall and take down your Internet connection.

So what should you do?

While this bug patch was updated just a couple of days ago, it was released several weeks ago.

Users should always keep on top of patches for equipment that they have installed.

Cisco, as just one of many vendors that customers likely use, has a security advisory page at https://tools.cisco.com/security/center/publicationListing.x.  Each vendor announces patches in a different way.
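Keeping on top of patches across a fleet of firewalls means knowing which release each box runs and whether that release is at or above the fixed release named in the vendor advisory. The following Python script is an added example, not code from the original post or from Cisco: it parses the "Software Version" line that ASA prints in `show version` output and compares it, per release train, against a fixed-release table. The fixed releases in the table and the hostnames and version strings in the inventory are constructed placeholders; the real fixed releases for any given advisory come from the advisory itself.

```python
import re
from typing import Dict, Optional, Tuple

# ASA "show version" output begins with a line such as
#   Cisco Adaptive Security Appliance Software Version 9.8(2)28
# i.e. major.minor(maintenance)interim, where the interim number may be absent.
_VERSION_RE = re.compile(r"Software Version (\d+)\.(\d+)\((\d+)\)(\d*)")

Version = Tuple[int, int, int, int]


def parse_asa_version(show_version_line: str) -> Optional[Version]:
    """Return (major, minor, maintenance, interim) or None if the line does not parse."""
    m = _VERSION_RE.search(show_version_line)
    if not m:
        return None
    major, minor, maint, interim = m.groups()
    return (int(major), int(minor), int(maint), int(interim or 0))


# ASSUMPTION: a hypothetical fixed-release table keyed by train (major, minor).
# Advisories list one fixed release per supported train; these values are
# placeholders for illustration only, not taken from any real Cisco advisory.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (9, 6): (9, 6, 4, 99),
    (9, 8): (9, 8, 2, 28),
    (9, 9): (9, 9, 2, 1),
}


def patch_status(show_version_line: str) -> str:
    """Classify one device as patched, vulnerable, unlisted-train or unknown."""
    version = parse_asa_version(show_version_line)
    if version is None:
        return "unknown"            # could not read the version: inspect by hand
    fixed = FIXED_RELEASES.get(version[:2])
    if fixed is None:
        return "unlisted-train"     # train not in the table: needs manual review
    # Tuple comparison is lexicographic, which matches how ASA releases are ordered.
    return "patched" if version >= fixed else "vulnerable"


# Constructed sample inventory: hostname -> first line of "show version".
INVENTORY: Dict[str, str] = {
    "fw-edge-1": "Cisco Adaptive Security Appliance Software Version 9.8(2)28",
    "fw-edge-2": "Cisco Adaptive Security Appliance Software Version 9.8(1)",
    "fw-dmz-1": "Cisco Adaptive Security Appliance Software Version 9.6(4)",
    "fw-lab": "Cisco Adaptive Security Appliance Software Version 9.12(3)",
    "fw-broken": "connection timed out",
}


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map every device in the inventory to its patch status."""
    return {host: patch_status(line) for host, line in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host:12} {status}")
```

Anything that comes back as "vulnerable", "unlisted-train" or "unknown" goes on the work list; the script deliberately refuses to guess about trains it has no fixed release for, since an unlisted train may simply be out of support and unpatchable.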

One of the benefits of buying Cisco is that you can only download patches if you have a current, valid, support agreement.  If you do not subscribe to Cisco’s model for making them rich, you cannot obtain security patches.  This is different from most vendors, who distinguish between security patches and new features.

If you do not have a support contract, Cisco will be happy to sell you one.

Information for this post came from Help Net Security.

Cisco ASA Firewall Critical Vulnerability

In the last couple of months we have seen attacks on all of the major cyber security infrastructure products.  Juniper.  Cisco. Fortinet.

Is this because something magic happened and opened the vulnerabilities flood gates?  Unlikely.

Is this because the hackers and/or intelligence community opened their kimonos and started sharing their zero-day vulnerabilities with us?  Also unlikely.

What is likely is that these vulnerabilities have always been there and for some reason the security research community is looking harder after the first domino fell.

What we don’t know – and likely never will know – is who knew about these bugs when and who was using them to attack us when.  We know, for example, that the Juniper vulnerability was around since 2012 – over three years ago.  In that time, who knew about it and who used it?  Good guys?  Bad guys?  Unclear.  Uncomfortable for sure.

Sorry for the long preamble, but the setup is important.  This week Cisco revealed another vulnerability in their flagship security product called the ASA or Adaptive Security Appliance.  It comes in several models and even runs in some of their switches and firewalls.

However, it was revealed that by merely sending it a specially crafted packet, you can execute arbitrary code in the ASA, take full control of the system or even reload it.

Let that sink in for a minute.  Think of the ASA as the guards on the wall of the castle.  These guards didn’t just get overwhelmed; they went over to the other side.

If someone was aware of this attack – as the entire hacker world is now – one packet and I own your entire network.

Cisco rates this vulnerability as a TEN on a 1-10 scale.  If they could make it an ELEVEN, they likely would.

The Internet Storm Center at SANS has reported seeing “a large increase” in probes looking for this vulnerability.

If you are running the ASA software in your company – and it is very popular – and have not patched it yet, you need to do that as soon as you possibly can because the hackers now know the secret and are out there looking for systems that have not been patched.

Information for this post came from Cisco and Network World.