A newly identified vulnerability in two Cisco devices might result in the loss of remote access. Positive Technologies researcher Nikita Abramov discovered the issue, CVE-2021-34704, in the Cisco ASA (Adaptive Security Appliance) and Cisco FTD (Firepower Threat Defense) firewalls. If the flaw is abused, an affected company’s firewall protection will degrade, leaving the company more vulnerable to attack, and remote employees will be denied access to its internal network.
An attacker does not need elevated privileges or special access to exploit the weakness, according to Abramov. It only requires crafting a simple request in which one of the components is of a different size than the device expects. Because the amount of data then exceeds the buffer’s capacity, further processing of the request results in a buffer overflow. The affected device then abruptly shuts down and restarts.
According to Abramov, if hackers disable Cisco ASA and Cisco FTD, a business will be left without remote access and without a firewall. If the attack succeeds, remote employees or partners will be unable to access the organization’s internal network, and external access will be restricted. At the same time, the failure of the firewall compromises the company’s security. All of this can negatively affect corporate operations, disrupt interaction between departments, and expose the organization to targeted cyberattacks.
Cisco is the industry leader in business firewalls, according to Forrester Research, with over 1 million security appliances deployed across the world. The issue was assigned a CVSSv3.0 score of 8.6, indicating high severity. The problem has been fixed, and users are advised to follow the recommendations in the manufacturer’s security advisory and install updates as soon as possible.