<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>ASA on Thoughts and Ramblings by Mike</title><link>https://mikedent.io/tags/asa/</link><description>Recent content in ASA on Thoughts and Ramblings by Mike</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>Mike Dent</copyright><lastBuildDate>Thu, 25 Apr 2024 00:00:00 +0000</lastBuildDate><atom:link href="https://mikedent.io/tags/asa/index.xml" rel="self" type="application/rss+xml"/><item><title>Zero Day Threat - Cisco Remote Access on ASA/FTD</title><link>https://mikedent.io/post/2024/04/zero-day-threat-cisco-remote-access-on-asa-ftd/</link><pubDate>Thu, 25 Apr 2024 00:00:00 +0000</pubDate><guid>https://mikedent.io/post/2024/04/zero-day-threat-cisco-remote-access-on-asa-ftd/</guid><description>
&lt;p&gt;Cisco recently patched two critical vulnerabilities in their firewall products, discovered after probable nation-state actors targeted them in a campaign dubbed &amp;quot;Arcane Door&amp;quot;. These zero-day vulnerabilities, found in devices running ASA and FTD software, were exploited to implant malware and possibly steal data. Cisco released three patches and tracks the hacking group as UAT4356; Microsoft tracks it as STORM-1849. These flaws, involving HTTP header parsing and a legacy VPN client preloading capability, gave attackers root-level access, which underscores the need for immediate patching and security upgrades.&lt;/p&gt;</description></item><item><title>Cisco ASA Dropped Traffic Notice: Critical Bug Alert</title><link>https://mikedent.io/post/2017/03/cisco-asa-dropped-traffic-notice/</link><pubDate>Fri, 31 Mar 2017 00:00:00 +0000</pubDate><guid>https://mikedent.io/post/2017/03/cisco-asa-dropped-traffic-notice/</guid><description>
&lt;p&gt;Cisco seems to be having a rough go of it lately with bugs that act as a time bomb for certain hardware and software. This follows the Signal Component &lt;a href="http://www.cisco.com/c/en/us/support/docs/field-notices/642/fn64253.html"&gt;issues&lt;/a&gt; that plagued a large number of product lines (and, in Cisco’s defense, affected more than just Cisco; other vendors are affected). I’m still waiting to find out when my Meraki MX84 will be replaced on that one 🙂&lt;/p&gt;
&lt;p&gt;Yesterday, Cisco released another &lt;a href="http://www.cisco.com/c/en/us/support/docs/field-notices/642/fn64291.html"&gt;Field Notice&lt;/a&gt; as well as a &lt;a href="http://blogs.cisco.com/security/urgent-proactive-customer-notification-asa"&gt;blog post&lt;/a&gt;, this time affecting a good number of ASA code versions dating back to 9.1.x, and certain FirePower versions. The Field Notice states that all appliances are affected, so this is not a hardware issue like the Signal Component, but a software bug. After around 213 days, the appliance will simply stop passing network traffic.&lt;/p&gt;</description></item></channel></rss>