Cisco Flaw Affects Firewalls

A newly discovered vulnerability found in two devices made by Cisco could cause remote access to be disrupted.

The flaw – CVE-2021-34704 – was detected by Positive Technologies researcher Nikita Abramov in October in the firewalls of Cisco ASA (Adaptive Security Appliance) and Cisco FTD (Firepower Threat Defense).

If the vulnerability is exploited, the organization’s firewall will be weakened, leaving it more vulnerable to attack, and employees working remotely would be blocked from accessing their organization’s internal network. 

According to Abramov, an attacker does not require elevated privileges or special access to exploit the flaw. All it takes is the formation of a simple request, in which one of the parts is of a different size than that expected by the device. 

Further parsing of the request will trigger a buffer overflow/overrun as the amount of data in the buffer exceeds its storage capacity. The impacted system will then shut down abruptly and restart.

Abramov said: “If hackers disrupt the operation of Cisco ASA and Cisco FTD, a company will be left without a firewall and remote access (VPN). If the attack is successful, remote employees or partners will not be able to access the internal network of the organization, and access from the outside will be restricted. At the same time, firewall failure will reduce the protection of the company.”

Describing the impact such an outcome could have on an organization. Abramov said: “All this can negatively impact company processes, disrupt interactions between departments, and make the company vulnerable to targeted attacks.”

According to Forrester Research, Cisco is an enterprise firewall market leader that has deployed more than 1 million security appliances around the globe. 

An assessment of the flaw determined it to be of high severity with a CVSSv3.0 score of 8.6. A fix for the flaw has been created, and users are advised to follow the manufacturer’s recommendations outlined in its security advisory and install updates as soon as possible. 

Positive Technologies has previously discovered vulnerabilities in Cisco Firepower Device Manager (FDM) On-Box and critical flaws in Cisco ASA, such as CVE-2020-3187, CVE-2020-3259, and CVE-2020-3452.

What’s Hot on Infosecurity Magazine?