A security researcher has discovered a vulnerability in Cisco's firewall (opens in new tab) products that could be exploited to achieve denial of service (DoS (opens in new tab)).
The vulnerability, tracked as CVE-2021-34704 (opens in new tab) with a CVSSv3.0 score of 8.6, was found by Positive Technologies (opens in new tab) researcher Nikita Abramov in the networking giant's Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls.
According to Abramov, elevated privileges or special access are not required by an attacker to exploit the vulnerability. Instead, they can form a simple request in which one of the parts will be different in size than expected by the device to exploit it. From here, further parsing of the request will cause a buffer overflow and the system will be abruptly shut down and then restarted.
Abramov provided further details on how business operations can be disrupted if this vulnerability is exploited in a press release (opens in new tab), saying:
"If hackers disrupt the operation of Cisco ASA and Cisco FTD, a company will be left without a firewall and remote access (VPN). If the attack is successful, remote employees or partners will not be able to access the internal network of the organization, and access from the outside will be restricted. At the same time, firewall failure will reduce the protection of the company. All this can negatively impact company processes, disrupt interactions between departments, and make the company vulnerable to targeted attacks."
Denial of service
In a new security advisory (opens in new tab), Cisco warns that multiple vulnerabilities were discovered in the web services interface of Cisco ASA and Cisco FTD that could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.
The company also explained that these vulnerabilities are “due to improper input validation when parsing HTTPS requests” and that an attacker could exploit them by sending a malicious HTTPS request to an affected device.
Thankfully though, Cisco has released software updates that address these vulnerabilities but it's worth noting that there are no workarounds which means you will have to install the software update if you own a device running Cisco ASA or Cisco FTD with a vulnerable AnyConnect or WebVPN configuration.
To determine if Cisco ASA or Cisco FTD has a vulnerable feature configured, users will need to use the show-running-config CLI and check to see if “crypto ikev2 enable client-service port” or “webvn enable” are configured. If this is the case, Cisco recommends that you install its updates as soon as possible to prevent falling victim to any potential attacks exploiting these vulnerabilities.
We've also highlighted the best firewall (opens in new tab) and best cloud firewall (opens in new tab)