It emerged last week that a security researcher had made a very significant discovery, which showed that popular firewalls made by Cisco had a vulnerability that was scored a perfect 10 out of 10 on the CVSS (Common Vulnerability Scoring System) scale. The vulnerable Cisco firewalls are in widespread use and they need to be patched urgently.
As is usual, the vulnerability lies in the software that runs on these firewalls. This Adaptive Security Appliance (ASA) software is what has been found to be vulnerable by a researcher who was to present his findings at a security conference in Belgium last Friday. He hasn’t released all of the juicy details yet and there are no reported exploits in the wild, but that could all change.
The affected devices, according to Cisco, are:
- 3000 Series Industrial Security Appliance (ISA)
- ASA 5500 Series Adaptive Security Appliances
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- ASA 1000V Cloud Firewall
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4110 Security Appliance
- Firepower 4120 Security Appliance
- Firepower 4140 Security Appliance
- Firepower 4150 Security Appliance
- Firepower 9300 ASA Security Module
- Firepower Threat Defense Software (FTD)
- FTD Virtual (FTDv)
If you have any of these devices in your network, you should be getting your IT support to patch it as soon as possible. There were reported issues with the initial patches, but Cisco have now rectified those too.
The big concern was to do with the Virtual Private Network (VPN) component on the firewall. If you are able to connect in remotely to your network by way of this VPN, then your entire network is at risk of being compromised.
For the technical types who are reading this, you can get a much more in-depth view of the vulnerable Cisco firewall issues on a blog post by Omar Santos.