A high-severity vulnerability affecting Cisco ASA and Firepower security appliances is undergoing exploitation, Cisco said.
“Cisco PSIRT has become aware of a public proof-of-concept exploit and is aware of customer device reloads related to this vulnerability. Cisco strongly recommends that customers upgrade to a fixed Cisco ASA software release to remediate this issue,” the company said in an update.
In addition, Cisco added, “A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques.”
The vulnerability affects Cisco ASA software and Cisco Firepower Threat Defense (FTD) software.
It can be leveraged by an unauthenticated, remote attacker to cause an affected device to reload unexpectedly.
“It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques,” Cisco said.
Affected devices include:
• 3000 Series Industrial Security Appliance (ISA)
• ASA 1000V Cloud Firewall
• ASA 5500 Series Adaptive Security Appliances
• ASA 5500-X Series Next-Generation Firewalls
• ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
• Adaptive Security Virtual Appliance (ASAv)
• Firepower 2100 and 4100 Series Security Appliance
• Firepower 9300 ASA Security Module
• FTD Virtual (FTDv)
No workarounds are available, so users should install the updates that released a month ago.