On January 29, Cisco issued an emergency warning to its customers about its Adaptive Security Appliance (ASA) software. The company’s ASA operating system, which runs on a range of network security devices, was found to have a severe vulnerability that can be used to gain unauthenticated remote access. The Cisco ASA VPN bug has a severity rating of 10 out of 10, which calls for immediate action from the affected parties.
The bug was originally reported by NCC Group security researcher Cedric Halbronn, who also worked on fixing the issue. His early estimate was that more than 200,000 devices are affected, the majority of which remain unpatched. Cisco responded by issuing a patch. However, the original fix was incomplete, since the company found other ways the bug can be exploited. Because there was no indication of malicious activity attempting to exploit the flaw, the affected parties weren’t rushing to apply the update. However, things have changed.
The latest reports indicate that hackers have now begun exploiting the bug. This means that, as of now, updating the ASA system is of the highest importance. The company issued detailed instructions for admins in an effort to simplify the update process. It is also worth noting that the Cisco ASA VPN bug applies to FTD 6.6.2, which was released in September of 2017. In fact, this was the first version to support remote access VPN. Customers who haven’t updated to this version are not affected in any way.
The last couple of days seem to have been very problematic for the whole IT security community. First, a large portion of the original iOS boot code was leaked. Then, Swisscom suffered a data breach, leaking personal information about thousands of the company's customers. All of these developments, even though unrelated, remind us of the fragility of today’s IT security systems.