On January 31st, Cisco Systems disclosed a vulnerability allowing up to complete control of a device from the Internet, affecting Cisco ASA Software that is running on several Cisco products.  The purpose of this blog post is to:

  • Help you understand the issue
  • Point you to trusted resources to explain it in more depth
  • Determine how you can protect yourself against it

The Issue

Cisco Systems released an advisory and a patch for a vulnerability allowing up to complete control of a device from the Internet.

What You Should Do

Check the following systems for the webvpn configuration, and if enabled for external communications, the systems need the patch from Cisco.

Vulnerable Products[1]

This vulnerability affects Cisco ASA Software that is running on the following Cisco products:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)

What ISG Is Doing

Currently, the ISG Data Centers are following our normal process for patching, with additional analysis for the critical configuration problems.  Our service engineers are available to assist any customer with any Cisco product help in regards to this issue and any other issue.

References & Further Information

Please view the Cisco advisory linked below for more technical details on the products and vulnerability.  Ars Technica also produced a story about the issue: https://arstechnica.com/information-technology/2018/01/cisco-drops-a-mega-vulnerability-alert-for-vpn-devices/

[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1