What Happens When Your Firewall Loses the War and Joins the Other Side?

Cisco announced that a proof of concept is available in the wild for a high-severity vulnerability affecting many Cisco ASA firewalls and Firepower security appliances. This means that even amateurs can take that code, modify it a bit, and successfully either force your firewall to randomly reboot or steal credentials from it.

Cisco is “recommending” that customers patch their firewalls.

The attack can be executed remotely – such as from China – and does not require the attacker to have any valid credentials.

The bug affects ASA 5500 and 5500-X firewalls, Firepower 2100, 4100 and 9300 appliances and several other models.

There are no workarounds for this flaw other than to power off your firewall and take down your Internet connection.

So what should you do?

While the patch for this bug was updated just a couple of days ago, it was first released several weeks ago.

Users should always keep on top of patches for equipment that they have installed.

Cisco, as just one of many vendors that customers likely use, has a security advisory page at https://tools.cisco.com/security/center/publicationListing.x. Each vendor announces patches in a different way.

One of the benefits of buying Cisco is that you can only download patches if you have a current, valid support agreement. If you do not subscribe to Cisco’s model for making them rich, you cannot obtain security patches. This is different from most vendors, who distinguish between security patches and new features.

If you do not have a support contract, Cisco will be happy to sell you one.

Information for this post came from Help Net Security.
