Critical security vulnerability found in business firewalls

Originally published at www.nccgroup.trust.

Businesses using Cisco ASA firewalls could be at significant risk of a cyber attack following the discovery of a critical vulnerability by NCC Group.

When exploited, this vulnerability known as CVE-2018–0101 allows the attacker to see all of the data passing through the system and provides them with administrative privileges, enabling them to remotely gain access to the network behind it. Targeting the vulnerability without a specially-crafted exploit would cause the firewall to crash and would potentially disrupt the connectivity to the network.

The global cyber security and risk mitigation expert found that the vulnerability affects routers and, because most firewalls are configured to provide VPN access, it affects most business using a Cisco ASA firewall.

Businesses can protect themselves by implementing a patch, which Cisco has been quick to release following the discovery of this vulnerability. It is also recommended that organisations consider upgrading their firewalls to one of the most recent branches in order to safeguard from potential zero-day vulnerabilities.

This vulnerability can only be triggered if remote AnyConnect or WebVPN access is enabled, which is a common configuration for these firewalls. Large enterprises or those with more sophisticated routers are potentially at more risk due to the increased capability for remote access.

Ollie Whitehouse, Global Chief Technical Officer at NCC Group, said: “While this is an extremely serious vulnerability, it’s important to commend Cisco for how swiftly the company took action when this issue was brought to its attention. The company has responded diligently and in reacting so quickly, has demonstrated best practice to the rest of the industry.

“The threat of cyber crime is more significant than it has ever been, and is one of the most serious threats affecting the business community. The fact that this vulnerability was found in a firewall designed to prevent unauthorised access only reinforces the fact that nothing can ever be 100% secure — spreading this knowledge is crucial.

“The best way businesses can mitigate the majority of these types of threats is by keeping their software, including operating systems and firewalls up to date.”

For more information from Cisco about this vulnerability and software update visit:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

Event

Cedric Halbronn, Senior Researcher at NCC Group, will be at REcon Brussels on 02–04 February 2018 to discuss discovering and exploiting a vulnerability in firewalls with Robin Hood vs Cisco ASA AnyConnect. Click here for more details