The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations #US-CERT bulletin

Multiple Vulnerabilities in Cisco ASA Software

The US Computer Emergency Readiness Team (US-CERT) has released a bulletin with warnings for Network Infrastructure teams related to Cisco ASA devices. These network devices provide firewall and Virtual Private Network (VPN) functionality and are often deployed at the edge of a network to protect a site’s network infrastructure, and to give remote users access to protected local resources.

In June 2016, NCCIC received several reports of compromised Cisco ASA devices that were modified in an unauthorized way. The ASA devices directed users to a location where malicious actors tried to socially engineer the users into divulging their credentials.

It is suspected that malicious actors leveraged CVE-2014-3393 to inject malicious code into the affected devices. The malicious actor would then be able to modify the contents of the Random Access Memory Filing System (RAMFS) cache file system and inject the malicious code into the appliance’s configuration. Refer to the Cisco Security Advisory "Multiple Vulnerabilities in Cisco ASA Software" for more information and for remediation details.

US-CERT goes on to explain that Cisco released an update to address an SNMP vulnerability (CVE-2016-6366).

You can read the full bulletin here.
