Bug in Cisco FTD and ASA disables firewall and disrupts operations


Security experts have warned about a new bug, identified this week in Cisco Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) firewalls, that could open the door to distributed denial-of-service (DDoS) attacks.

Moreover, the discovered high-severity vulnerability, CVE-2021-34704, is said not to require advanced privileges or special access to be exploited by threat actors. Rather, they only need to make a request in which one of the parts is a different size than what the device requires.

This vulnerability in FTD and ASA firewalls stems from improper input validation during the parsing of HTTPS requests. If it is exploited, threat actors can reload the affected device and expose it to DDoS attacks.

Experts said that the vulnerability found in Cisco FTD and ASA could negatively impact business operations.

Because of the bug, threat actors can easily disrupt business operations that depend on Cisco FTD and ASA, and it could leave firms without a firewall and remote access. Furthermore, successful attacks can prevent employees or affiliates from accessing the organisation’s internal network, restricting them to outside access. Operating without a firewall especially reduces a company’s protection against potential cyberattacks.

Nonetheless, Cisco stated that it had already patched the bug with the FTD and ASA firmware release.

Customers whose devices were affected by the bug are strongly advised to use security information and event management (SIEM) services to fix the discovered breaches.

Aside from this recent bug affecting Cisco’s firewalls, another bug was patched in August this year in the vendor’s Firepower Device Manager (FDM) and On-Box software; it allowed security researchers to take control of Cisco’s Firepower next-generation firewalls.

The bug scored 6.3 in severity on the Common Vulnerability Scoring System (CVSS) and involved Cisco’s FDM On-Box representational state transfer (REST) API. Through it, threat actors were able to execute arbitrary code on the affected device’s operating system.

Finally, experts said that threat actors would only need to acquire credentials from a user with low privileges and send a customised HTTP request to exploit the bug successfully. The vulnerability is likely caused by insufficient and improper validation of user input for certain REST API commands.
