Positive Technologies Identifies Vulnerabilities in Cisco Systems Firewalls, Cisco Implements Fixes

Successful exploits could cause denial of service and block access to corporate networks

"The main danger is that attackers can send a specially crafted package to cause denial of service of the firewall—the  device will reload, and users will be denied access to a company's internal network (for example, via VPN), which can significantly affect business processes amidst the pandemic,” Mr. Abramov noted.  “The number of devices exposed to these vulnerabilities is similar to the number of devices affected by CVE-2020-3259, which affected the Cisco ASA firewall and was found in 220,000 devices."

The attack does not require any additional rights, access or authorization. All attackers have to do is send a special request using a special path. Mr.  Abramov reports that any organization using vulnerable devices to offer employees access to internal resources via VPN is in danger.

Both vulnerabilities, officially CVE-2021-1445 and CVE-2021-1504, have a CVSS 3.1 score of 8.6, reflecting a high degree of danger. These are logical errors that often appear due to developers' carelessness or insufficient code testing during development.

To eliminate vulnerabilities, users are advised to follow the recommendations specified in the official Cisco notice. To detect attempts to exploit vulnerabilities in the Cisco firewall, network traffic analysis systems (NTA/NDR) can be used, for example PT Network Attack Discovery. If an attack is successful, signs of penetration can be detected with SIEM solutions such as MaxPatrol SIEM, which help identify suspicious behavior, register an incident, and prevent intruders from moving laterally within the corporate network in a timely manner.

Source: Positive Technologies media announcement