Positive Technologies researcher Nikita Abramov discovered a vulnerability in the Cisco ASA (Adaptive Security Appliance) and Cisco FTD (Firepower Threat Defense) firewalls that can lead to denial of service. The severity of the vulnerability, CVE-2021-34704, was assessed as high (CVSSv3.0 score of 8.6), and users are advised to install updates as soon as possible.
Cisco is an enterprise firewall market leader, according to Forrester Research, and more than 1 million Cisco security appliances are deployed throughout the world.
Nikita Abramov said: "If hackers disrupt the operation of Cisco ASA and Cisco FTD, a company will be left without a firewall and remote access (VPN). If the attack is successful, remote employees or partners will not be able to access the internal network of the organization, and access from the outside will be restricted. At the same time, firewall failure will reduce the protection of the company. All this can negatively impact company processes, disrupt interactions between departments, and make the company vulnerable to targeted attacks."
According to Abramov, an attacker does not need elevated privileges or special access to exploit the vulnerability. It is enough to send a simple request in which one of the parts has a size different from what the device expects. Further parsing of the request causes a buffer overflow, and the system abruptly shuts down and then restarts.
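The failure mode described above (a request whose declared size disagrees with what the device actually received, and a parser that trusts the declared size) is a general bug class, not specific to Cisco. The following is an added illustration of the defensive check that prevents it; it is not Cisco's code and says nothing about the actual CVE-2021-34704 parser. The wire format (a two-byte big-endian length followed by the payload), the `MAX_PAYLOAD` limit, and the `parse_message` function are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical wire format, constructed for this example (not Cisco's):
 *   bytes 0..1 : declared payload length, big-endian
 *   bytes 2..  : payload                                                  */
#define MAX_PAYLOAD 64

enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED_HEADER = 1,   /* fewer bytes than the length field itself */
    PARSE_LENGTH_MISMATCH  = 2,   /* declared length != bytes actually received */
    PARSE_TOO_LARGE        = 3    /* declared length exceeds the fixed buffer  */
};

struct message {
    uint16_t declared_len;
    uint8_t  payload[MAX_PAYLOAD];
};

/* Hardened parser: the declared length is validated against both the number
 * of bytes actually received and the size of the destination buffer before
 * a single byte is copied. A parser that skipped either check and used the
 * declared length directly as the copy size is the pattern that turns a
 * malformed request into a buffer overflow and a crash. */
enum parse_status parse_message(const uint8_t *buf, size_t received,
                                struct message *out)
{
    if (received < 2)
        return PARSE_TRUNCATED_HEADER;

    uint16_t declared = (uint16_t)((buf[0] << 8) | buf[1]);

    if (declared > MAX_PAYLOAD)
        return PARSE_TOO_LARGE;            /* would overrun out->payload */
    if ((size_t)declared != received - 2)
        return PARSE_LENGTH_MISMATCH;      /* header lies about the size */

    out->declared_len = declared;
    memcpy(out->payload, buf + 2, declared);
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample inputs: one well-formed, three malformed. */
    const uint8_t good[]  = {0x00, 0x03, 'a', 'b', 'c'};   /* says 3, has 3  */
    const uint8_t lie[]   = {0x00, 0x10, 'a', 'b', 'c'};   /* says 16, has 3 */
    const uint8_t huge[]  = {0x01, 0x00, 'a'};             /* says 256 > 64  */
    const uint8_t trunc[] = {0x00};                        /* no full header */
    struct message m;

    printf("good : %d\n", parse_message(good,  sizeof good,  &m));
    printf("lie  : %d\n", parse_message(lie,   sizeof lie,   &m));
    printf("huge : %d\n", parse_message(huge,  sizeof huge,  &m));
    printf("trunc: %d\n", parse_message(trunc, sizeof trunc, &m));
    return 0;
}
```

The point of the example is the ordering: both bounds checks happen before `memcpy`, and the parser rejects the message rather than trying to "recover" from a mismatched length, which is the behaviour a patched device is expected to show.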
To fix the vulnerability, follow the manufacturer's recommendations outlined in the security advisory.
Positive Technologies has previously discovered vulnerabilities in Cisco Firepower Device Manager (FDM) On-Box and critical flaws in Cisco ASA, such as CVE-2020-3187, CVE-2020-3259, and CVE-2020-3452.
NTA/NDR solutions for deep traffic analysis, such as PT Network Attack Discovery, can help detect attempts to exploit vulnerabilities in Cisco firewalls. One of the ways to detect signs of penetration is to use SIEM solutions (in particular, MaxPatrol SIEM), which help identify suspicious behavior and prevent intruders from moving laterally within the corporate network. Next-generation vulnerability management systems like MaxPatrol VM can also provide continuous monitoring of vulnerabilities within the infrastructure.