Cisco has recently discovered that the Secure Sockets Layer (SSL) VPN function of its Adaptive Security Appliance (ASA) software contains a vulnerability that bad actors could leverage to gain unauthenticated, remote access to an affected system and use that access to execute malicious code.
According to the National Institute of Standards and Technology, this vulnerability is “due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device.”
By exploiting this vulnerability, a bad actor can utilize malicious code and either initiate a successful denial of service attack or seize control of the device.
Unfortunately, this vulnerability rises to the level of severe risk. In fact, the CVE has been scored 10 out of 10 because it is relatively easy for bad actors to leverage and it can be used to do much damage.
The vulnerability has been proven to exist in:
- Cisco ASA software when the admin has enabled the webvpn feature
- Cisco products that utilize FTD version 6.2.2
It’s important to note that the following are NOT affected by this vulnerability:
- Versions of FTD software that preceded version 6.2.2
- AnyConnect Secure Mobility Client
- Other Cisco products
Cisco tells us that the following products may be impacted by this vulnerability:
- Firepower 2100 Series Security Appliance
- Firepower 4110 Security Appliance
- Firepower 9300 ASA Security Module
- Firepower Threat Defense Software (FTD)
- Adaptive Security Virtual Appliance (ASAv)
- 3000 Series Industrial Security Appliance (ISA)
- ASA 5500 Series Adaptive Security Appliances
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- ASA 1000V Cloud Firewall
What is the recommended approach to deal with this vulnerability and mitigate the risk it poses to your IT systems?
- Have a Cisco Networking professional look over your IT systems to determine if you are running one of the Cisco products that have this vulnerability.
- Allow that IT support professional to disable the problematic “webvpn” feature on the appropriate devices.
- Implement the patches that Cisco has released right away.
What updates/patches are right for your device that is running Cisco ASA Software?
- Version 8.x — Affected; migrate to 184.108.40.206
- Version 9.0 — Affected; migrate to 220.127.116.11
- Version 9.1 – Update to 18.104.22.168
- Version 9.2 – Update to 22.214.171.124
- Version 9.3 — Affected; migrate to 126.96.36.199
- Version 9.4 – Update to 188.8.131.52
- Version 9.5 — Affected; migrate to 184.108.40.206
- Version 9.6 – Update to 220.127.116.11
- Version 9.7 – Update to 18.104.22.168
- Version 9.8 – Update to 22.214.171.124
- Version 9.9 – Update to 126.96.36.199
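The first steps of the approach above (is this an ASA, is webvpn enabled, which row of the version list applies) can be scripted against saved "show version" and "show running-config" output. The following is an added example, not Cisco's or LA Networks' code; the function names and the sample device output are constructed for illustration, and it reports only the release train, not whether the device already runs a fixed release.

```python
import re

# Release trains the list above marks "Affected; migrate" (besides every 8.x
# train) versus "Update to". Fixed release numbers are deliberately not encoded.
MIGRATE_TRAINS = {"9.0", "9.3", "9.5"}
UPDATE_TRAINS = {"9.1", "9.2", "9.4", "9.6", "9.7", "9.8", "9.9"}
VERSION_RE = re.compile(r"Adaptive Security Appliance Software Version (\d+)\.(\d+)")

# Constructed sample output, not taken from a real device.
SAMPLE_VERSION = "Cisco Adaptive Security Appliance Software Version 9.2(4)5\n"
SAMPLE_CONFIG = """\
hostname edge-asa
enable password ***** encrypted
interface GigabitEthernet0/0
 nameif outside
!
webvpn
 enable outside
 anyconnect enable
group-policy GP1 attributes
 webvpn
  anyconnect ask none
"""

def release_train(show_version):
    """Return the 'major.minor' train from 'show version', or None."""
    m = VERSION_RE.search(show_version)
    return f"{m.group(1)}.{m.group(2)}" if m else None

def webvpn_interfaces(running_config):
    """Interfaces named by 'enable <ifname>' inside the top-level webvpn block."""
    found, in_webvpn = [], False
    for line in running_config.splitlines():
        if not line.startswith(" "):
            # A new top-level command; only a bare 'webvpn' opens the global
            # block (an indented 'webvpn' under group-policy is per-policy).
            in_webvpn = line.strip() == "webvpn"
        elif in_webvpn:
            m = re.match(r"\s+enable\s+(\S+)", line)
            if m:
                found.append(m.group(1))
    return found

def triage(show_version, running_config):
    """Summarise which row of the version list applies and where webvpn is on."""
    train = release_train(show_version)
    if train is None:
        action = "unknown"
    elif train.startswith("8.") or train in MIGRATE_TRAINS:
        action = "migrate"
    elif train in UPDATE_TRAINS:
        action = "update"
    else:
        action = "check-advisory"
    return {"train": train, "webvpn_on": webvpn_interfaces(running_config), "action": action}
```

A non-empty "webvpn_on" list means the feature is enabled on those interfaces, so the device should be moved to the front of the patching queue.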
Where to Get Cisco Software Updates
Most Los Angeles users of the affected Cisco products either have a service contract with Cisco through which they can get the updates or have partnered with a managed service provider such as LA Networks to take care of their entire IT environment, including consulting on and managing Cisco products.
But if you’re out there all on your own trying to figure out where to get the Cisco updates and how to implement those updates, Cisco security center has stated the following:
“Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html Customers should have the product serial number available…”
Do You Have An IT Support Partner That Specializes In Cisco Products And Can Ensure That Any Cisco Vulnerabilities Are Dealt With Quickly?
Businesses across Los Angeles are using Cisco products. Why? Because Cisco makes an outstanding product and stands behind its hardware and software with updates to fix vulnerabilities such as the one described earlier in this article. This level of quality manufacture, software development, and customer service has propelled Cisco to be the leader in the field.
But does your company have an IT consulting team in place that knows the inner workings of the vast lineup of Cisco products?
Can your current IT support person draw on Cisco expertise from the best minds in the industry?
As part of the So-Cal Cisco User Group, the LA Networks staff have the unique ability to gain insights and compare notes with Cisco professionals from across the state and by extension, the nation.
Want an IT environment that is secure AND drives pro-growth business objectives?
The LA Networks team does far more than Cisco hardware and software installation, management, configuration, and monitoring.
We deliver a full slate of IT services that we leverage to help LA businesses like yours streamline their processes for greater productivity and efficiency.
- Managed IT Services
- IT Consulting
- Network Management
- Network Administration
- Enterprise Networking
- Data Center and Cloud Solutions
- Mobile Device Management
- IT Security
- Data Backup
The staff of LA Networks partners with a wide range of businesses across Los Angeles and provides those businesses with robust, secure technology platforms. With this IT foundation, our clients can do business online securely and with confidence.