Dive Brief:
- Researchers from Rapid7 claim malicious actors can still exploit a vulnerability in Cisco firewall software using man-in-the-middle attacks because a patch issued by the company is not working as promised. A large percentage of customers have failed to implement other recent security updates, Rapid7 said.
- Earlier this month, in a presentation at Black Hat USA, Rapid7 researchers reported multiple vulnerabilities in Cisco Adaptive Security Software, ASDM and Firepower Services Software for ASA, which were left unpatched for months. Cisco told Rapid7 researchers that it had resolved outstanding issues with CVE-2021-1585 and CVE-2022-20829.
- Rapid7 researchers confirmed that CVE-2022-20829 was successfully resolved. However, CVE-2021-1585 can still be exploited if a user clicks through a pop-up window, Rapid7 said. Researchers also say very few users are deploying the patches that do work, leaving a large number of users still vulnerable to attack.
Dive Insight:
Cisco has more than 300,000 customers using its security products and more than 1 million ASA devices are deployed around the world.
Rapid7 said the overarching point of the research they’ve conducted on Cisco highlights the risk of a malicious actor using ASA to hide or embed malicious code to gain further access into a targeted network. Essentially, ASA can be treated as a “Trojan horse” to launch attacks.
“We’ve demonstrated that a man-in-the-middle or evil endpoint can still execute arbitrary code by attacking ASDM,” Jake Baines, lead security researcher at Rapid7, said via email. “Although we’ve shared this information with Cisco, it appears they intend to leave this unaddressed to support backwards compatibility with old versions of ASDM.”
Baines said Rapid7 has released some YARA rules to help users determine if they’ve installed malicious software.
Cisco said it released fixed software for all of the vulnerabilities previously disclosed by Rapid7 researchers. A Cisco spokesperson said CVE-2021-1585 is fixed when both the Cisco Adaptive Security Device Manager (ASDM) on the device running Cisco Adaptive Security Appliance (ASA) software and the Cisco ASDM-IDM Launcher on the user’s local machine are updated.
“A click-through bypass window only presents itself if a user connects to a device running an out-of-date version of Cisco ASDM using a local machine that runs the latest Cisco ASDM-IDM Launcher update,” the Cisco spokesperson said, via email.
The Cisco spokesperson added that some customers may not have upgraded to a version of ASDM that fixes CVE-2021-1585.
“Cisco has a robust process in place to inform its customers about security vulnerabilities in our products and how to mitigate them,” the spokesperson said. “Please refer to the specific security advisories for the latest information.”