Cisco Vulnerability Could Cause Firewall Failure, Allow Targeted Attacks

Positive Technologies rates the vulnerability's level of severity as high.

Edward Gately, Senior News Editor

November 23, 2021

3 Min Read
The techniques used in the ransomware attack were stolen from the National Security Agency According to Bloomberg ldquoIts main element was developed
The techniques used in the ransomware attack were stolen from the National Security Agency. According to Bloomberg, “Its main element was developed by the NSA, not the hackers—a vulnerability codenamed Eternalblue, which allowed the agency to commandeer old, pre-Windows 10 versions of the Microsoft operating system.”Shutterstock

Cisco vulnerability could allow hackers to cause firewalls to fail, leaving organizations vulnerable to targeted attacks.

So says Positive Technologies researcher Nikita Abramov, who discovered a vulnerability in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls. The vulnerability can lead to denial of service.

Positive Technologies assessed the severity level of vulnerability as high and users should install updates as soon as possible. To fix the vulnerability, follow the manufacturer’s recommendations outlined in the security advisory.

Cisco said the vulnerabilities are due to improper input validation when parsing HTTPS requests. An attacker could exploit these vulnerabilities by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

More than 1 million Cisco security appliances are deployed throughout the world.


Positive Technologies’ Nikita Abramov

“If hackers disrupt the operation of Cisco ASA and Cisco FTD, a company will be left without a firewall and remote access (VPN),” Abramov said. “If the attack is successful, remote employees or partners will not be able to access the internal network of the organization, and access from the outside will be restricted. At the same time, firewall failure will reduce the protection of the company. All this can negatively impact company processes, disrupt interactions between departments, and make the company vulnerable to targeted attacks.”

Business models that are focused on remote operation are more likely to be vulnerable, he said. That’s because it’s extremely important for them to have constant communication, for example, with specific divisions or offices.

“Hybrid models, in which some of the employees work for my offices, are also in the danger zone,” Abramov said.

Elevated Privileges, Special Access Not Needed

An attacker doesn’t need elevated privileges or special access to exploit the vulnerability, Abramov said. It is enough to form a simple request, in which one of the parts will be different in size than expected by the device. Further parsing of the request will cause a buffer overflow, and the system will be abruptly shut down and then restarted.

“Very often, organizations don’t monitor information security situations, or don’t pay enough attention to them,” Abramov said. “And, although at present the situation has changed for the better, some parts of the company ignore the information received from the vendor or does it belatedly. Therefore, it’s imperative to keep in touch with the equipment manufacturer’s representatives or support companies for such equipment.”

A successful attack can stop a company’s workflow for some time, he said.

“We strongly recommend that you update vulnerable devices and follow the security advisories published on the manufacturer’s website,” Abramov said.

Positive Technologies previously discovered vulnerabilities in Cisco Firepower Device Manager (FDM) On-Box and critical flaws in Cisco ASA.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like