Cisco Vulnerability Requires Multiple Patches

POSTED ON April 25, 2019

Virtual private networks are vulnerable to an exploit that has recently come to light. Cisco has announced that this exploit affects its Adaptive Security Appliance (ASA) software. If this issue isn’t addressed and fixed immediately, your organization could be exposed to remote code execution.

This VPN bug can be used against the ASA operating system to let attackers breach Cisco security devices. According to Cisco, this Secure Sockets Layer (SSL) VPN flaw can “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” This means that an attacker could hypothetically gain complete access to a system and take over control – a potential threat, especially where the physical security those devices protect is concerned. This vulnerability has been ranked 10 out of 10 on the Common Vulnerability Scoring System, the highest severity rating possible.

Granted, this weakness is only exploitable if WebVPN has been enabled, but that doesn’t mean you should overlook this threat. ZDNet provides the following list of affected devices:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)
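Because the bug is only reachable when WebVPN is enabled, a first triage step is to find out which of your ASA devices actually have it turned on. The following checker is an added example, not code from the original post or from Cisco: it reads saved `show running-config` output and reports the interfaces on which the global `webvpn` block enables the service. It assumes the ASA configuration syntax in which clientless SSL VPN is switched on is a top-level `webvpn` block containing `enable <interface>` lines (the `webvpn` sub-blocks under `group-policy` do not enable the listener and are ignored); the two sample configurations and host names are constructed for illustration.

```python
"""Flag ASA devices whose running-config enables WebVPN.

Added example (not the original post's or Cisco's code). Assumes the
ASA syntax: a top-level `webvpn` block with `enable <interface>` lines.
Sample configs below are constructed, not captured from real devices.
"""
import re
from dataclasses import dataclass, field


@dataclass
class WebVpnStatus:
    enabled_interfaces: list = field(default_factory=list)

    @property
    def exposed(self) -> bool:
        # The bug's stated precondition holds when any interface enables WebVPN.
        return bool(self.enabled_interfaces)


def parse_webvpn(config_text: str) -> WebVpnStatus:
    """Return the interfaces enabled in the global (top-level) `webvpn` block."""
    status = WebVpnStatus()
    in_webvpn = False
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue                       # blank line or comment separator
        if not line.startswith(" "):       # unindented: a new top-level command
            in_webvpn = line.strip() == "webvpn"
            continue
        if in_webvpn:
            # Only `enable <interface>` counts; `anyconnect enable` etc. do not match.
            m = re.match(r"\s+enable\s+(\S+)", line)
            if m:
                status.enabled_interfaces.append(m.group(1))
    return status


def hostname(config_text: str) -> str:
    m = re.search(r"^hostname\s+(\S+)", config_text, re.MULTILINE)
    return m.group(1) if m else "unknown"


def triage(configs):
    """Map each device's hostname to its WebVPN exposure, for patch prioritisation."""
    report = {}
    for text in configs:
        st = parse_webvpn(text)
        report[hostname(text)] = {
            "webvpn_enabled": st.exposed,
            "interfaces": st.enabled_interfaces,
        }
    return report


# Constructed sample: WebVPN enabled on the outside interface.
SAMPLE_EXPOSED = """\
hostname edge-fw-1
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
group-policy Remote internal
group-policy Remote attributes
 webvpn
  url-list value intranet
!
webvpn
 enable outside
 anyconnect enable
!
"""

# Constructed sample: only a group-policy webvpn sub-block, no global enable.
SAMPLE_SAFE = """\
hostname core-fw-2
!
interface GigabitEthernet0/0
 nameif outside
!
group-policy Remote attributes
 webvpn
  url-list value intranet
!
"""

if __name__ == "__main__":
    for host, info in triage([SAMPLE_EXPOSED, SAMPLE_SAFE]).items():
        print(f"{host}: webvpn_enabled={info['webvpn_enabled']} on {info['interfaces']}")
```

Devices reported with `webvpn_enabled` set to true are the ones on which the bug's known trigger is reachable, so they are the first to receive Cisco's updated patch; the remaining devices still need the same patch, since the list above shows the software is affected regardless of which features are in use.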

When it was first discovered, this bug had yet to be used “in the wild,” but Cisco became aware of attempts to change that. One such exploit targeted a bug from seven years ago, proving the use of the exploit – or at least trying to. The proof only resulted in a system crash, but that doesn’t change the fact that this vulnerability can be used in other harmful ways. Unfortunately, this problem has now been observed in use, and worse, Cisco’s first attempt to patch it didn’t address all issues. As it turned out, there were more attack vectors and affected features that were not yet known, and so were not addressed by the patch.

Cisco has now released an updated patch, which you need to apply as soon as possible; otherwise, your business is exposed to greater risk. It is always good practice to attend to known vulnerabilities quickly, as the longer your business is vulnerable, the more likely it is that someone will take advantage of it.

Furthermore, it is also crucial that you stay aware of any and all vulnerabilities that are present in your mission-critical software and hardware solutions. This bug is not an isolated case. Others like it have been found before, and more will certainly appear in the future. Hackers and cybercriminals are constantly working to undermine the security features that software developers implement. It is your responsibility to ensure that you protect your business by implementing security patches and updates quickly.

Agilitec IT can assist you with that. We can help you ensure that your patches and updates are current, often handling it all remotely without the time needed for an on-site visit. For more information, give us a call at (702) 720-1700.

About the Author: Agilitec IT