Sunday 11 February 2018

That mega-vulnerability Cisco dropped is now under exploit

Hackers are actively trying to exploit a very serious vulnerability in widely used Cisco networking software that can give full control over secure networks and access to all traffic that passes through them, the company warned.

When Cisco officials disclosed the bug last week in a range of Adaptive Security Appliance products, they said they had no evidence that anyone was actively exploiting it. Earlier this week, the officials updated their advisory to indicate that this was no longer the case.

"The Cisco Product Security Incident Response Team (PSIRT) is aware of the public knowledge of the vulnerability described in this advisory report," wrote the officials. "Cisco PSIRT is aware of attempts to abuse the vulnerability described in this advisory report."

The update does not state how widespread the attacks are, whether any of them are succeeding, or who is carrying them out. Craig Williams, a Cisco researcher and director of outreach for Cisco's Talos security team, wrote on Thursday about the vulnerability: "This is not an exercise ... Wait right away. Exploitation, albeit weak DoS to date, has been observed in the field."

The tweet seemed to suggest that attacks achieving code execution had yet to succeed in the wild. A separate tweet from independent researcher Kevin Beaumont on Friday, shortly before this post, said: "Someone has just tried the Cisco ASA vulnerability on my honeypot."

In a follow-up tweet, Beaumont also indicated that the attack had not successfully executed code.

The warning about in-the-wild exploit attempts came around the same time that Cisco warned that the vulnerability - which already had the maximum severity score of 10 under the Common Vulnerability Scoring System - posed an even greater threat than originally thought. The revised assessment was based on a detailed investigation that Cisco researchers conducted after the release of last week's original advisory, which was based on findings from external security company NCC Group. As a result of the new findings, Cisco has issued a new set of patches to replace the previously released patches.

"After broadening the survey, Cisco engineers encountered other attack vectors and features that were affected by this vulnerability, which were not originally identified by the NCC Group and then updated the security advisory," Cisco officials wrote on Monday. "In addition, it has also been found that the original list of fixed releases published in the security advice later proved to be vulnerable to additional denial of service conditions."

The vulnerability's maximum severity rating results from the relative ease of exploitation, combined with the extraordinary control it gives successful attackers. Devices running Cisco ASA software are usually located at the edge of a secure network, making them easy for outsiders to find. Once exploited, the devices allow remote hackers to seize administrative control of networks and to monitor all traffic going through them. Affected Cisco products include:
  1. 3000 Series Industrial Security Appliance (ISA)
  2. ASA 5500 Series Adaptive Security Appliances
  3. ASA 5500-X Series Next-Generation Firewalls
  4. ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  5. ASA 1000V Cloud Firewall
  6. Adaptive Security Virtual Appliance (ASAv)
  7. Firepower 2100 Series Security Appliance
  8. Firepower 4110 Security Appliance
  9. Firepower 4120 Security Appliance
  10. Firepower 4140 Security Appliance
  11. Firepower 4150 Security Appliance
  12. Firepower 9300 ASA Security Module
  13. Firepower Threat Defense Software (FTD)
  14. FTD Virtual

People using one of these devices should ensure that they are protected with the latest patches as soon as possible.
