Severe vulnerability found in Cisco firewalls
The security flaw, found in two Cisco firewall products, could be abused by unauthenticated remote attackers in order to carry out denial of service (DoS) attacks.
The vulnerability, which affected Cisco ASA (Adaptive Security Appliance) and Cisco FTD (Firepower Threat Defense) firewalls, was found by Nikita Abramov, a researcher at security firm Positive Technologies.
Tracked as CVE-2021-34704 and assigned a CVSSv3.0 severity score of 8.6, the security flaw would – if left unpatched – allow remote attackers to force the affected firewall devices to reload, achieving denial of service and disrupting employee access to their organization’s internal networks as a result.
To address the vulnerability, Cisco has released software security updates for the affected products.
“If hackers disrupt the operation of Cisco ASA and Cisco FTD, a company will be left without a firewall and remote access (VPN),” said Nikita Abramov. “If the attack is successful, remote employees or partners will not be able to access the internal network of the organization, and access from the outside will be restricted.”
The researcher notes that firewall failure caused by the exploit would lower the affected organization’s defences. This would have a negative impact on its processes, “disrupt interactions between departments, and make the company vulnerable to targeted attacks.”
According to Abramov, an attacker does not need elevated privileges or special access to exploit the vulnerability. It is enough to form a simple request, in which one of the parts will be different in size than expected by the device.
“Further parsing of the request will cause a buffer overflow, and the system will be abruptly shut down and then restarted,” he concludes.
To fix the vulnerability, users of Cisco ASA and Cisco FTD should follow the recommendations outlined in the manufacturer's security advisory.