Hackers Exploit Vulnerability in Cisco ASA and FTD Software

Cisco’s security switches have been found to contain a vulnerability which can result in several devices being hacked.

Unknown hackers have reportedly exploited a key vulnerability affecting a range of Cisco products.

The attacks mainly caused denial of service (DoS), but in some cases the attackers were also found to have gained access to critical data such as usernames and passwords.

Cisco has stepped in and issued a patch to remediate the issue.

How the Security Flaw Works

Cybersecurity experts who have studied the vulnerability explain that the affected software does not properly validate HTTP URLs, and this is what allows hackers to exploit it.

The hacker sends a crafted request with an HTTP URL that the Cisco device accepts, and the device then allows access.

The vulnerability affects both IPv4 and IPv6 HTTP traffic.

On the software side, Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) are the products under review, and the devices identified as vulnerable are those running this software.

Long List of Cisco Devices Found Vulnerable

Cisco’s Industrial Security Appliances in the 3000 Series and the 5500 and 5000-X Series are on the list of vulnerable devices.

Apart from these, the service modules in ASA Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers have been found to be vulnerable.

In addition, on the Firepower side, the 2100 and 4100 Series appliances and the security module of the 9300 ASA are on the list.

The only exception among the releases of the related software has been 6.2.0. The rest are vulnerable.

Cisco Alerted to the Issue


Once the vulnerability was detected by an independent bug hunter and reported to Cisco, it was realized that hackers could mount attacks on the affected systems from anywhere.

In response to the alert, the company went about developing the remedial patch.

The vulnerability was assigned the identifier CVE-2018-0296 and is classified as highly severe. Cisco also followed up with a notice to users of its devices about the nature of the vulnerability and the precautions to be taken.

The advisory recommends that customers download the patch issued by Cisco.

Though the bug hunter had found and reported the vulnerability, Cisco indicated that it has not come across any hacking attempts. No data theft has been reported either.

Users Have to Be Sure Their Devices Are Safe

Though Cisco has understood the nature of the vulnerability and issued the remedial patches, customers have to make some effort to ascertain whether the Cisco devices connected to their systems are vulnerable so that they can download the patch and restore security.

There have been cases where Cisco has released a patch but did not disclose it to customers. The company explains this by saying that there are different versions of its software and each has to be checked for the suitability of the patch before customers are advised to follow the procedure. Sometimes, the number of such versions may even reach 50.

A similar set of patches was released by Cisco earlier this year, and this is the second time the company is handling similar issues.

Ultimately, it is up to customers to stay alert and keep their devices protected.

Irrespective of the kind of device or the manufacturer, cybersecurity threats remain very real.

More than the manufacturers and software developers, it is the end users that are ultimately affected by the consequences of security vulnerabilities.

As such, users will have to take all the necessary measures while setting up their systems to be sure they have set all the required firewalls to prevent any form of break-in.

Even a minor flaw in the system can result in serious damage. More than that, if important information gets stolen, it could be even more damaging.

This is why it’s so important that all customers take the necessary security steps to be as safe as possible.
