Cisco vulnerability could cause your firewalls to fail
If left unpatched, this vulnerability could be exploited to achieve denial of service
A security researcher has discovered a vulnerability in Cisco's firewall products that could be exploited to achieve denial of service (DoS).
The vulnerability, tracked as CVE-2021-34704 with a CVSSv3.0 score of 8.6, was found by Positive Technologies researcher Nikita Abramov in the networking giant's Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls.
According to Abramov, elevated privileges or special access are not required by an attacker to exploit the vulnerability. Instead, they can form a simple request in which one of the parts will be different in size than expected by the device to exploit it. From here, further parsing of the request will cause a buffer overflow and the system will be abruptly shut down and then restarted.
Abramov provided further details on how business operations can be disrupted if this vulnerability is exploited in a press release, saying:
"If hackers disrupt the operation of Cisco ASA and Cisco FTD, a company will be left without a firewall and remote access (VPN). If the attack is successful, remote employees or partners will not be able to access the internal network of the organization, and access from the outside will be restricted. At the same time, firewall failure will reduce the protection of the company. All this can negatively impact company processes, disrupt interactions between departments, and make the company vulnerable to targeted attacks."
Denial of service
In a new security advisory, Cisco warns that multiple vulnerabilities were discovered in the web services interface of Cisco ASA and Cisco FTD that could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.
The company also explained that these vulnerabilities are “due to improper input validation when parsing HTTPS requests” and that an attacker could exploit them by sending a malicious HTTPS request to an affected device.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Thankfully though, Cisco has released software updates that address these vulnerabilities but it's worth noting that there are no workarounds which means you will have to install the software update if you own a device running Cisco ASA or Cisco FTD with a vulnerable AnyConnect or WebVPN configuration.
To determine if Cisco ASA or Cisco FTD has a vulnerable feature configured, users will need to use the show-running-config CLI and check to see if “crypto ikev2 enable client-service port” or “webvn enable” are configured. If this is the case, Cisco recommends that you install its updates as soon as possible to prevent falling victim to any potential attacks exploiting these vulnerabilities.
We've also highlighted the best firewall and best cloud firewall
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.