Story image

Vulnerability in Cisco security devices could cause firewalls to fail

By Shannon Williams, Wed 24 Nov 2021

A vulnerability in the Cisco ASA (Adaptive Security Appliance) and Cisco FTD (Firepower Threat Defense) firewalls has been uncovered by a researcher at Positive Technologies. 

Researcher Nikita Abramov discovered the vulnerability can lead to denial of service. 

The severity level of vulnerability CVE-2021-34704 was assessed as high (CVSSv3.0 score of 8.6), and users are recommended to install updates as soon as possible.

Cisco is an enterprise firewall market leader, according to Forrester Research, and more than 1 million Cisco security appliances are deployed throughout the world.

"If hackers disrupt the operation of Cisco ASA and Cisco FTD, a company will be left without a firewall and remote access (VPN)," says Abramov.

"If the attack is successful, remote employees or partners will not be able to access the internal network of the organisation, and access from the outside will be restricted," she says.

"At the same time, firewall failure will reduce the protection of the company," says Abramov.

"All this can negatively impact company processes, disrupt interactions between departments, and make the company vulnerable to targeted attacks," she adds.

According to Abramov, an attacker does not need elevated privileges or special access to exploit the vulnerability. It is enough to form a simple request, in which one of the parts will be different in size than expected by the device. Further parsing of the request will cause a buffer overflow, and the system will be abruptly shut down and then restarted.

To fix the vulnerability, Abramov advises to follow the manufacturer's recommendations outlined in the security advisory.

Positive Technologies has previously discovered vulnerabilities in Cisco Firepower Device Manager (FDM) On-Box and critical flaws in Cisco ASA, such asCVE-2020-3187, CVE-2020-3259, and CVE-2020-3452.

NTA/NDR solutions for deep traffic analysis such as PT Network Attack Discovery, can help detect attempts to exploit vulnerabilities in Cisco firewalls. One of the ways to detect signs of penetration is to use SIEM solutions (in particular, MaxPatrol SIEM), which help identify suspicious behaviour and prevent intruders from moving laterally within the corporate network. Next-generation vulnerability management systems like MaxPatrol VMcan also provide continuous monitoring of vulnerabilities within the infrastructure.

In a recent security advisory, Cisco warned multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.

These vulnerabilities are due to improper input validation when parsing HTTPS requests. An attacker could exploit these vulnerabilities by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Recent stories
More stories