Severe vulnerability found in Cisco firewalls


The security flaw, found in two Cisco firewall products, could be abused by unauthenticated remote attackers in order to carry out denial of service (DoS) attacks.

The vulnerability, which affected Cisco ASA (Adaptive Security Appliance) and Cisco FTD (Firepower Threat Defense) firewalls, was found by Nikita Abramov, a researcher at security firm Positive Technologies.

Tracked as CVE-2021-34704 and assigned a CVSSv3.0 severity score of 8.6, the security flaw would – if left unpatched – allow remote attackers to force the affected firewall devices to reload, achieving denial of service and disrupting employee access to their organization’s internal networks as a result.


To address these vulnerabilities, Cisco has released software security updates for the affected products.

Cisco firewalls affected by vulnerabilities

“If hackers disrupt the operation of Cisco ASA and Cisco FTD, a company will be left without a firewall and remote access (VPN),” said Nikita Abramov. “If the attack is successful, remote employees or partners will not be able to access the internal network of the organization, and access from the outside will be restricted.”

The researcher notes that firewall failure caused by the exploit would lower the affected organization’s defences. This would have a negative impact on its processes, “disrupt interactions between departments, and make the company vulnerable to targeted attacks.”

According to Abramov, an attacker does not need elevated privileges or special access to exploit the vulnerability. It is enough to form a simple request in which one of the parts differs in size from what the device expects.

“Further parsing of the request will cause a buffer overflow, and the system will be abruptly shut down and then restarted,” he concludes.
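The class of bug described above, a parser trusting a size that does not match the data it received, is prevented by validating every sender-declared length before copying. The following C parser is an added illustration, not Cisco's code and not taken from the advisory; the wire format, names and buffer size are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64 /* capacity of the fixed destination buffer (assumed) */

enum parse_status { PARSE_OK, ERR_HEADER, ERR_EXCEEDS_INPUT, ERR_EXCEEDS_BUFFER };

struct field {
    uint8_t  type;
    uint16_t len;
    uint8_t  value[FIELD_MAX];
};

/* Hypothetical wire format: type (1 byte) | length (2 bytes, big-endian) | value. */
enum parse_status parse_field(const uint8_t *msg, size_t msg_len, struct field *out)
{
    if (msg_len < 3)
        return ERR_HEADER; /* not even a complete header */

    size_t declared = ((size_t)msg[1] << 8) | msg[2];

    /* The sender controls `declared`; trust it only after comparing it with
       the bytes actually received, or the copy reads past the input. */
    if (declared > msg_len - 3)
        return ERR_EXCEEDS_INPUT;

    /* A well-formed but oversized field would still overflow value[]. */
    if (declared > sizeof out->value)
        return ERR_EXCEEDS_BUFFER;

    out->type = msg[0];
    out->len  = (uint16_t)declared;
    memcpy(out->value, msg + 3, declared);
    return PARSE_OK;
}

/* Constructed sample messages. */
static const uint8_t MSG_OK[]    = {0x01, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t MSG_SHORT[] = {0x01, 0x00, 0x20, 'p', 'i', 'n', 'g'}; /* claims 32, carries 4 */
static const uint8_t MSG_BIG[3 + 200] = {0x01, 0x00, 0xC8}; /* 200-byte value > FIELD_MAX */
static struct field parsed;

int main(void)
{
    printf("ok=%d short=%d big=%d\n",
           parse_field(MSG_OK, sizeof MSG_OK, &parsed),
           parse_field(MSG_SHORT, sizeof MSG_SHORT, &parsed),
           parse_field(MSG_BIG, sizeof MSG_BIG, &parsed));
    return 0;
}
```

Rejecting the message with an error code, rather than copying and recovering later, is what keeps a malformed request from becoming a crash and reload.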

To fix the vulnerability, users of Cisco ASA and Cisco FTD should follow the recommendations outlined in the manufacturer's security advisory.

