Daily Archives: April 2, 2016

Cisco Issues ASA FirePOWER Appliance Security Updates

In late March, Cisco published a security advisory for the software that powers their Adaptive Security Appliance (ASA) with FirePOWER appliances, addressing a high-severity security issue (assigned 1 CVE).

Why Should This Issue Be Considered Important?
If you make use of Cisco ASA with FirePOWER appliances, an unauthenticated remote attacker (an individual with no prior access to your corporate network) could bypass the malware detection defences of these appliances. In other words, the very function/service they are designed to provide can be bypassed.

If such a bypass were used in conjunction with the large volume of ransomware currently being distributed, the result could be disastrous for your company and its reputation (however, this is likely a worst-case scenario).

Moreover, there are no workarounds for this issue. Fortunately, at this time the Cisco Product Security Incident Response Team (PSIRT) is not aware of this issue being publicly exploited. This issue was responsibly disclosed to Cisco by Dikla Barda, Liad Mizrachi, and Oded Vanunu from the Check Point Security Team.

The above-mentioned security issue affects the following Cisco security products:

  • Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services
  • Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances
  • Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances
  • FirePOWER 7000 Series Appliances
  • FirePOWER 8000 Series Appliances
  • FirePOWER Threat Defense for Integrated Services Routers (ISRs)
  • Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series
  • Sourcefire 3D System Appliances
  • Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware

These products are affected when they run versions of Cisco’s Firepower System Software prior to the following fixed/updated versions:

  • 5.4.0.7 and later
  • 5.4.1.6 and later
  • 6.0.1 and later
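
A plain numeric comparison against this list is misleading: 5.4.1.2 sorts after 5.4.0.7 yet is still older than the fix for its own release line. The following inventory check is an added example, not code from this post or from Cisco. It assumes each listed version is the fix for its own release line, that a version may carry a "-build" suffix, and it uses made-up hostnames and function names.

```python
import re

def parse_version(text):
    """Turn '5.4.0.6' or '5.4.0.6-35' (build suffix is an assumption) into a 4-tuple."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})(?:-\d+)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))   # pad '6.0.1' to (6, 0, 1, 0)

def triage(text):
    """Return (status, first fixed version for that release line)."""
    v = parse_version(text)
    if v >= (6, 0, 1, 0):                    # 6.0.1 and later
        return "fixed", None
    if v[:2] == (6, 0):                      # 6.0.0.x
        return "affected", "6.0.1"
    if v[:3] == (5, 4, 1):                   # 5.4.1.x line
        return ("fixed", None) if v >= (5, 4, 1, 6) else ("affected", "5.4.1.6")
    if v < (5, 4, 1, 0):                     # 5.4.0.x and everything older
        return ("fixed", None) if v >= (5, 4, 0, 7) else ("affected", "5.4.0.7")
    return "check advisory", None            # a release line the list does not name

def needs_update(inventory):
    """Map each affected host to the fixed version it should move to."""
    result = {}
    for host, version in inventory.items():
        status, target = triage(version)
        if status == "affected":
            result[host] = target
    return result

# Constructed inventory: hostnames and versions are invented for this example.
INVENTORY = {
    "fp-edge-01": "5.4.0.6-35",
    "fp-edge-02": "5.4.1.2",
    "fp-core-01": "5.4.1.6",
    "fp-lab-01": "6.0.0.1",
    "fp-lab-02": "6.0.1",
    "fp-old-01": "5.3.1.7",
}

if __name__ == "__main__":
    for host, target in sorted(needs_update(INVENTORY).items()):
        print(f"{host}: running {INVENTORY[host]}, update to {target} or later")
```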

How Can I Protect Myself from This Issue?
If your organization/business uses any of the above-mentioned Cisco security products, please follow the directions within the Cisco security advisory mentioned below to install the necessary security updates:

Cisco Firepower Malware Block Bypass Vulnerability

Thank you.

Blog Comments Policy

In the past week this blog has received vast numbers of spam comments attempting to be visible on this blog. While the comments themselves appear legitimate and are often complimentary/thankful, they originate from the same IP address and/or wish to promote a website using a shortened URL.

When making a comment you are asked for your:

=======================
Email address: Email addresses are not visible publicly. However, they must not advertise any website or service.

I am not overly concerned about the domain name of an email address, only the local part (yourname in the following example), namely yourname@domain.com. If the domain is found to be malicious, your comment will not be published. If your email address advertises your business, e.g. info@example.com, I will publish your comment provided it meets the additional guidelines below.

Name: This is visible publicly. Your name can be real or fictitious but again must not advertise any website or service.

Website: This is also visible publicly. If you choose to add a website to your comment, any website using a shortened link will not be published. Any website link provided will be vetted before publishing since I do not wish for them to be used as advertisements or for spreading malware.
=======================

For Off-topic Comments / Questions: Within reason, off-topic comments will be published if they are vaguely related to what is being discussed in a blog post.

Any comment asking what blogging platform I am using will not be published since this blog uses WordPress.com

If you encounter a technical issue with this blog, please use the Contact Me page to notify me and I will do my best to resolve it for you. However, I cannot guarantee that this blog will display correctly on all devices and within all web browsers (past and present).

While I do wish to encourage collaboration/interaction on this blog, being asked the same questions repeatedly becomes too time-consuming to address them all and leaves less time to publish new content.

I must apologise that earlier approved comments on this blog broke the above rules and did link to websites that were undesirable; such comments/links have now been removed. My apologies if you visited these websites. Any website present/linked to within a comment or post on this blog is not an endorsement by me.

Thank you in advance for your cooperation and understanding.