In late March; Cisco published a security advisory for the software that powers/operates their Adaptive Security Appliance (ASA) with FirePOWER appliances to address a high severity security issue (assigned 1 CVE (defined)).
Why Should This Issue Be Considered Important?
If you make use of Cisco ASA with FirePower appliances, the software that powers them could be bypassed by an unauthenticated remote attacker (an individual with no prior access to your corporate network) enabling them to bypass the malware detection defences of these appliances (namely the very function/service they are designed to provide can be bypassed).
If such a bypass were used in conjunction with the large numbers of ransomware malware currently being distributed, the result could be disastrous for your company/reputation (however this is likely a worst case scenario).
Moreover, there are no workarounds for this issue. Fortunately, at this time the Cisco Product Security Incident Response Team (PSIRT) is not aware of this issue being publically exploited. This issue was responsibly disclosed (defined) to Cisco by Dikla Barda, Liad Mizrachi, and Oded Vanunu from the Check Point Security Team.
The above mentioned security issue affects the following Cisco security products:
- Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services
- Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances
- Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances
- FirePOWER 7000 Series Appliances
- FirePOWER 8000 Series Appliances
- FirePOWER Threat Defense for Integrated Services Routers (ISRs)
- Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series
- Sourcefire 3D System Appliances
- Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware
These products would use versions of Cisco’s Firepower System Software prior to the following fixed/updated versions:
- 220.127.116.11 and later
- 18.104.22.168 and later
- 6.0.1 and later
How Can I Protect Myself from This Issue?
If your organization/business uses any of the above mentioned Cisco security products, please follow the directions within the Cisco security advisory mentioned below to install the necessary security updates: