A newly identified vulnerability in two Cisco devices may allow remote access to be interrupted. Positive Technologies researcher Nikita Abramov discovered the issue – CVE-2021-34704 – in the firewalls of Cisco ASA (Adaptive Security Appliance) and Cisco FTD in October (Firepower Threat Defense).
If the vulnerability is exploited, the organization’s firewall will be weakened, making it more vulnerable to attack, and remote employees will be prevented from accessing their organization’s internal network.
An attacker does not need higher rights or specific access to exploit the weakness, according to Abramov. It only involves the creation of a basic request in which one of the elements is of a different size than the device expects.
As the quantity of data in the buffer exceeds its storage limit, further processing of the request will result in a buffer overflow/overrun. The afflicted system will then abruptly shut down and restart.
“If hackers impair the operation of Cisco ASA and Cisco FTD, a corporation would be left without a firewall and remote access,” Abramov added (VPN). If the assault is effective, distant employees or partners will be unable to access the organization’s internal network, and external access would be restricted. At the same time, if the firewall fails, the company’s security would suffer.”
Describe the impact such a result may have on a company. “All of this may have a detrimental influence on corporate operations, disrupt interactions between departments, and render the organisation vulnerable to targeted assaults,” Abramov added.
According to Forrester Research, Cisco is the industry leader in business firewalls, having installed over 1 million security appliances worldwide. The fault was assessed to be of severe severity, with a CVSSv3.0 score of 8.6. A patch has been developed to address the problem, and users are recommended to follow the manufacturer’s advice indicated in its security alert and install updates as soon as feasible.
Positive Technologies previously uncovered vulnerabilities in Cisco Firepower Device Manager (FDM) On-Box as well as major issues in Cisco ASA, including CVE-2020-3187, CVE-2020-3259, and CVE-2020-3452.