Latest News: Cisco release details of ASA vulnerabilities

Cisco have recently released details of several vulnerabilities found within their ASA (Adaptive Security Appliance) devices. Although there is no threat to data integrity or risk of other systems being compromised, there is the potential for these vulnerabilities to cause serious disruption to your business.

What Are They?

The vulnerabilities are found in different parts of the ASA software: VPN, two in DHCPv6 relay and two in DNS. In each case an attacker could use specially crafted packets to cause an ASA to reload (reboot). Assuming the running configuration of the ASA had been saved to memory, there would be no data loss; the device would simply reboot. However, during the reboot process the device would not function, likely causing network or internet access issues.

What’s the risk?

In all cases these vulnerabilities can be exploited by a remote, unauthenticated attacker, simply by sending specially crafted UDP, DNS or DHCP packets to the ASA. The impact is relatively low, although repeated attacks could be used to create an effective Denial of Service attack by repeatedly reloading your ASA device.

Which ASAs are affected?

The following models of ASA have the potential to be affected, depending on the exact version of the ASA software they are running:

  • Cisco ASA 1000V Cloud Firewall
  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco FirePOWER 9300 ASA Security Module

Please refer to the table below to work out whether your ASA is affected. For each major release of the ASA software listed in the left-hand column, the right-hand column details which minor releases are affected by one or more of these vulnerabilities.

ASAs affected

What do I need to do?

Waterstons would highly recommend migrating or upgrading all affected ASA software versions as soon as possible. The table below details the action recommended by Cisco based on which major release the ASA is currently running.

Recommended actions

Waterstons will be contacting all of our affected Managed Services clients in due course to arrange remediation work and any outage windows required as a result of this.

If you have any queries or concerns then please don’t hesitate to make contact with either the Service Desk or the main office.

Further Information

More information about the vulnerabilities can be found at the links below:

  • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150115-asa-dhcp
  • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dhcp1
  • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns1
  • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns2
  • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-ike
