Cybersecurity specialists from Positive Technologies report the detection of three critical vulnerabilities in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls, developed by Cisco and whose exploitation would allow threat actors to deploy denial of service (DoS) attacks, among other risk scenarios. According to the report, the flaws received scores of 8.6/10 according to the Common Vulnerability Scoring System (CVSS), so users of vulnerable deployments are recommended to update as soon as possible.

The flaws were tracked as CVE-2021-1573, CVE-2021-34704 and CVE-2021-40118, and their reports were attributed to various experts, including Cisco’s security teams.

As some users will recall, Cisco is a market leader in enterprise firewall and other security solutions. According to figures from the company itself, currently more than 1 million Cisco devices operate in large, medium and small firms around the world.

On the worst of these flaws, Nikita Abramov, a researcher at Positive Technologies, says: “If a hacker manages to disrupt the operation of the affected solutions, the affected organizations would be left without firewall remote access via VPN. In addition, the absence of a firewall will greatly reduce defenses against security threats.”

The expert adds that threat actors do not need high privileges on the vulnerable system or special access to exploit this error, since it is enough to form a simple request in which one of the parties will be of a different size than expected by the target device. A more detailed analysis of the request will cause a buffer overflow and the system will shut down, forcing a restart.

Cisco released a detailed report to address the flaws found, so administrators are encouraged to stick to these security recommendations, which include official updates. At the moment there are no known alternative solutions to these flaws, so it is best to update as soon as possible.

The company adds that so far no attempts to actively exploit these flaws or the existence of a malware variant associated with the attack have been detected.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Critical vulnerability in Cisco ASA and Cisco FTD allows to shutdown the firewall & VPN. Patch immediately appeared first on Information Security Newspaper | Hacking News.

source

You May Also Like

Two important vulnerabilities ( CVSSv3 score > 7) in VMware ESXi, vCenter Server & Cloud Foundation

The leader in virtualization and cloud computing technologies, VMware, has released a…

2 unpatched vulnerabilities identified in Philips IntelliBridge EC40 and EC80 Hub that are used to transfer data been medical devices

A Philips security alert reveals the discovery of two vulnerabilities in the…

Details of a zero-day vulnerability in Windows 10 were published. Patch not available

Jonas Lyk, a cybersecurity specialist, reported the discovery of a critical vulnerability…