Positive Technologies Uncovers Dangerous Vulnerabilities in Cisco Firewalls
The vulnerabilities could affect hundreds of thousands of devices.
May 10, 2021
Positive Technologies has identified new vulnerabilities in Cisco firewalls that could cause denial of service and block access to corporate networks.
The two vulnerabilities are in the Adaptive Security Appliance and Firepower Threat Defense within Cisco hardware firewalls. Cisco has patched both vulnerabilities.
Firewalls carrying these vulnerabilities are very common, Positive Technologies said, and the company believes the flaws could affect hundreds of thousands of devices.
The researcher who found the bugs says any organization using vulnerable devices to offer employees access to internal resources via VPN is in danger.
The Main Danger
Nikita Abramov is an application analysis specialist at Positive Technologies.
“The main danger is that attackers can send a specially crafted package to cause denial of service of the firewall,” he said. “The device will reload, and users will be denied access to a company’s internal network (for example, via VPN), which can significantly affect business processes amidst the pandemic.”
The number of devices exposed to these vulnerabilities is similar to that affected by CVE-2020-3259, a flaw in the Cisco ASA firewall that was found on 220,000 devices.
The attack does not require any additional rights, access or authorization, Abramov said. All attackers have to do is send a special request using a special path.
Both vulnerabilities pose a high degree of danger. Furthermore, they are logic errors of the kind that typically stem from developer carelessness or insufficient code testing during development.
To eliminate the vulnerabilities, users are advised to follow the recommendations in the official Cisco advisory. Network traffic analysis systems (NTA/NDR) can be used to detect attempts to exploit the vulnerabilities in the Cisco firewall. If an attack succeeds, security information and event management (SIEM) solutions can detect signs of penetration, identify suspicious behavior, register an incident, and help stop intruders from moving laterally within the corporate network before they do further damage.
Cisco thanked Positive Technologies for uncovering the vulnerability.