Cisco Patches Firewall Vulnerability

Cisco has issued a serious vulnerability alert in relation to its Cisco Adaptive Security Appliances (ASAs).

These ASAs are the firewalls that many businesses rely on to act as their first line of cyber defence.

ASA Flaw

Cisco issued the alert after the vulnerability was discovered by Exodus Intelligence, which has provided its own indepth blog posting here.

Cisco said the vulnerability is located in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software, which “could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.”

“The vulnerability is due to a buffer overflow in the affected code area,” warned Cisco. “An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.”

Cisco said that only traffic directed to the affected system can be used to exploit this vulnerability. It also said this vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. The vulnerability can be triggered by IPv4 and IPv6 traffic.

Thankfully, there is a free software update that address this vulnerability and worried system administrators can find it here (providing of course you have a software licence).

Affected units running Cisco ASA software include Cisco ASA 5500 Series Adaptive Security Appliances; Cisco ASA 5500-X Series Next-Generation Firewalls; Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers; Cisco ASA 1000V Cloud Firewall; Cisco Adaptive Security Virtual Appliance (ASAv); Cisco Firepower 9300 ASA Security Module; and finally Cisco ISA 3000 Industrial Security Appliance.

Firewall Vulnerability

Vulnerabilities in firewalls have the potential to be very serious indeed, as firewalls are often the first line of cyber-defence for many businesses.

Just before Christmas, rival firm Juniper warned its customers it had uncovered an “unauthorised” backdoor code in its NetScreen firewalls that could allow spying on VPNs.

That backdoor was discovered during a code review”, and prompted Cisco to also check all of its products for any unauthorised backdoor code.

That Juniper discovery was so serious that the US Congress launched an investigation into the matter, firstly to discover which US government agencies uses the Juniper gear, but also to uncover who was responsible for the backdoor, and whether any US intelligence agency played a role in the matter.

Cisco meanwhile this week revealed it was able to pull together a strong financial second quarter despite strong competition and a volatile global economic environment. All of which happened as the networking giant continues to evolve its business model.

Do you know the secrets of Cisco? Take our quiz!