Positive Technologies Identifies Vulnerabilities in Cisco Systems Firewalls, Cisco Implements Fixes

May 6, 2021

May 7, 2021 -- Cisco Systems Inc. has conveyed its thanks to Positive Technologies cybersecurity expert Nikita Abramov for identifying two vulnerabilities in Cisco Adaptive Security Appliance and Firepower Threat Defense hardware firewalls. The two vulnerabilities are very common: Positive Technologies believes they potentially affect hundreds of thousands of devices.

"The main danger is that attackers can send a specially crafted package to cause denial of service of the firewall—the device will reload, and users will be denied access to a company's internal network (for example, via VPN), which can significantly affect business processes amidst the pandemic," Mr. Abramov noted. "The number of devices exposed to these vulnerabilities is similar to the number of devices affected by CVE-2020-3259, which affected the Cisco ASA firewall and was found in 220,000 devices."

The attack does not require any additional rights, access or authorization. All an attacker has to do is send a special request using a special path. Mr. Abramov reports that any organization using vulnerable devices to offer employees access to internal resources via VPN is in danger.

Both vulnerabilities, officially CVE-2021-1445 and CVE-2021-1504, have a CVSS 3.1 score of 8.6, reflecting a high degree of danger. These are logical errors that often appear due to developers' carelessness or insufficient code testing during development.

To eliminate the vulnerabilities, users are advised to follow the recommendations in the official Cisco notice. Network traffic analysis systems (NTA/NDR), for example PT Network Attack Discovery, can be used to detect attempts to exploit the vulnerabilities in Cisco firewalls. If an attack is successful, signs of penetration can be detected with SIEM solutions such as MaxPatrol SIEM, which help identify suspicious behavior, register an incident, and stop intruders in time from moving laterally within the corporate network.

About Positive Technologies

For 19 years, Positive Technologies has been creating innovative solutions for information security. We develop products and services to detect, verify, and neutralize the real-world business risks associated with corporate IT infrastructure. Our technologies are backed by years of research experience and the expertise of world-class cybersecurity experts. Over 2,000 companies in 30 countries trust us to keep them safe. Follow us on social media (LinkedIn, Twitter) and the News section at ptsecurity.com.

CONTACT: 

Paula Dunne

CONTOS DUNNE COMMUNICATIONS

+1-408-893-8750 (m)

+1-408-776-1400 (o)

paula@contosdunne.com