The US Computer Emergency Readiness Team (US-CERT) has released a bulletin with warnings for network infrastructure teams related to Cisco ASA devices. These network devices provide firewall and Virtual Private Network (VPN) functionality and are often deployed at the edge of a network to protect a site’s network infrastructure and to give remote users access to protected local resources.
In June 2016, NCCIC received several reports of compromised Cisco ASA devices that were modified in an unauthorized way. The ASA devices directed users to a location where malicious actors tried to socially engineer the users into divulging their credentials.
It is suspected that malicious actors leveraged CVE-2014-3393 to inject malicious code into the affected devices. The malicious actor would then be able to modify the contents of the Random Access Memory Filing System (RAMFS) cache file system and inject the malicious code into the appliance’s configuration. Refer to the Cisco Security Advisory "Multiple Vulnerabilities in Cisco ASA Software" for more information and for remediation details.
US-CERT goes on to explain that Cisco released an update to address an SNMP vulnerability (CVE-2016-6366).
You can read the full bulletin here.