The vulnerabilities could affect hundreds of thousands of devices.

Edward Gately, Senior News Editor

May 10, 2021


Positive Technologies has identified new vulnerabilities in Cisco firewalls that could cause denial of service and block access to corporate networks.

The two vulnerabilities are in the Adaptive Security Appliance and Firepower Threat Defense within Cisco hardware firewalls. Cisco has patched both vulnerabilities.

The vulnerabilities in Cisco firewalls are very common, Positive Technologies said. Furthermore, the company believes they could affect hundreds of thousands of devices.

The researcher who found the bugs says any organization using vulnerable devices to offer employees access to internal resources via VPN is in danger.

The Main Danger

Nikita Abramov is an application analysis specialist at Positive Technologies.


“The main danger is that attackers can send a specially crafted package to cause denial of service of the firewall,” he said. “The device will reload, and users will be denied access to a company’s internal network (for example, via VPN), which can significantly affect business processes amidst the pandemic.”

The number of devices exposed to these vulnerabilities is similar to the number affected by CVE-2020-3259, which affected the Cisco ASA firewall and was found in 220,000 devices.

The attack does not require any additional rights, access or authorization, Abramov said. All attackers have to do is send a special request using a special path.

Both vulnerabilities reflect a high degree of danger. Furthermore, these are logical errors that often appear due to developers’ carelessness or insufficient code testing during development.

To eliminate the vulnerabilities, users are advised to follow the recommendations specified in the official Cisco notice. To detect attempts to exploit vulnerabilities in the Cisco firewall, network traffic analysis systems (NTA/NDR) can be used. If an attack is successful, security information and event management (SIEM) solutions can detect signs of penetration. Moreover, they help identify suspicious behavior and register an incident. In addition, they help stop intruders in a timely manner from moving laterally within the corporate network.

Cisco thanked Positive Technologies for uncovering the vulnerability.


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
