Cisco affected by software and physical issues


Cisco Systems faced an unusual double whammy of problems, one in software and one in hardware.

First, the more serious problem: a firewall flaw. Positive Technologies, a firm that researches security vulnerabilities, issued a warning that a vulnerability in Cisco firewall appliances could allow hackers to cause them to fail.

The problem lies with the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls. Forrester Research says there are over a million deployed worldwide. Positive has rated the severity of the vulnerability as high and recommended that users install the available updates as soon as possible.

Positive Technologies researcher Nikita Abramov wrote: “If hackers disrupt the operation of Cisco ASA and Cisco FTD, a business will end up without a firewall and without remote access (VPN). If the attack is successful, remote employees or partners will not be able to access the organization’s internal network, and access from outside will be restricted.”

He added that an attacker does not need elevated privileges or special access to exploit the vulnerability, just a simple HTTPS request in which one of the parts is a different size than the device expects. Further analysis of the request will cause the buffer to overflow, and the system will abruptly shut down and restart.

In its own blog post on the subject, Cisco said the vulnerabilities are caused by incorrect input validation of HTTPS requests. An attacker could send a malicious HTTPS request to an affected device, causing it to restart, resulting in a denial of service (DoS).

Cisco said that exploitation of this vulnerability can cause a memory leak, so users can set an alert for high memory usage as a sign of an attack.

Cisco is aware of the issue, and the blog post explains how to get updates that resolve it.

Loose screws

On the more mundane side of things, Cisco issued an alert warning owners of its Unified Computing System (UCS) that the UCS X9508 chassis that houses the servers may have a loose screw. The company said that the power entry module (PEM) for a small number of UCS X9508 units might not be screwed firmly into the chassis and could come out when the power cord is unplugged from the chassis.

“The captive screws designed to secure the PEM were not properly tightened and some chassis were shipped with the module loose.” Therefore, “The PEM may slip out of the chassis when the power cord is removed.” The PEM has two power cords.

The fix doesn’t require a patch or download, just a Torx T10 head driver. Cisco recommends that you power down the server but do not remove any plugs or the PEM before tightening the screws.


Copyright © 2021 IDG Communications, Inc.

