Hackers are actively trying to exploit a high-profile vulnerability in widely used Cisco networking software that could give them complete control over secure networks and access to all traffic passing over them, the company has warned.
When Cisco officials revealed the bug last week in several Adaptive Security Appliance products, they said they had no evidence that anyone was exploiting it. Earlier this week, the officials updated their advisory to show that is no longer the case.
“The Cisco Product Security Incident Response Team (PSIRT) is aware of the public awareness of the vulnerability described in this advisory,” the officials wrote. “Cisco PSIRT is aware of an attempted malicious use of the vulnerability described in this advisory.”
The update did not say how the attacks spread, whether any of them were successful, or who was carrying them out. On Twitter on Thursday, Craig Williams, a Cisco researcher and director of information for Cisco’s Talos security team, wrote about the vulnerability: “This is not a drill..Immediate patch. The use, although DoS lame so far, has been noticed in place.”
— Craig Williams (@security_craig) March 9, 2018
The tweet seemed to suggest that working code-execution exploits have yet to succeed in active attacks. A separate tweet from independent researcher Kevin Beaumont on Friday, shortly before this post, said: “Someone tried a Cisco ASA vulnerability on my honeypot.”
Someone just tried the Cisco ASA vulnerability on my honeypot. 💁♀️
— Kevin Beaumont (@GossiTheDog) March 9, 2018
In a follow-up tweet, Beaumont also pointed out that the attacker did not successfully execute the code.
The warning of in-the-wild exploit attempts came around the same time Cisco warned that the vulnerability, which carries the maximum severity rating of 10 under the Common Vulnerability Scoring System, poses an even greater threat than first believed. The revised assessment is based on detailed research that Cisco researchers conducted after issuing the initial advisory last week, which was based on findings from external security firm NCC Group. As a result of the new findings, Cisco developed new patches to replace the ones that were already released.
“After the investigation expanded, Cisco engineers found other attack forces and features affected by this vulnerability that were not initially identified by the NCC Group and subsequently updated the security advisory,” Cisco employees wrote on Monday. “In addition, we also found that the original list of fixed releases issued in the security advisory was later found to be vulnerable to additional denial of service conditions.”
The maximum severity rating results from the relative ease of exploiting the bug, combined with the extraordinary control it gives to successful attackers. Devices running Cisco ASA software typically sit at the edge of a secure network, making them easy for outsiders to find. Once exploited, the devices allow remote hackers to take control of the networks and to monitor all traffic passing through them. Affected Cisco products include:
- 3000 Series Industrial Security Appliance (ISA)
- ASA 5500 Series Adaptive Security Appliances
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- ASA 1000V Cloud Firewall
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4110 Security Appliance
- Firepower 4120 Security Appliance
- Firepower 4140 Security Appliance
- Firepower 4150 Security Appliance
- Firepower 9300 ASA Security Module
- Firepower Threat Defense Software (FTD)
- FTD Virtual
People using one of these devices should make sure as soon as possible that they are protected with the latest patches.