Re: Cisco ASA vulnerable

Cisco SE · ‎04-28-2024

Hi, im running a Cisco ASA 5505 with 9.1(2) with Anyconnect enabled. I read that there are some vulnerabilities on this device. Am i affected or any recommendations on what i should do?

MHM Cisco World · ‎04-28-2024

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html

check this

MHM

Leo Laohoo · ‎04-28-2024

Cisco Event Response: Attacks Against Cisco Firewall Platforms

1. Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

2. Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

#1 & #2 are currently being actively exploited in the wild.

Exploitation and Public Announcements

Cisco has confirmed that this vulnerability has been exploited. Cisco strongly recommends that customers upgrade to fixed software to resolve this vulnerability. Customers are also strongly encouraged to monitor system logs for indicators of undocumented configuration changes, unscheduled reboots, and any anomalous credential activity.

Further reading:

Marius Gunnerud · ‎04-29-2024

There really is not much you can do with that hardware. The last supported version for ASA5505 is 7.0.4. To protect yourself against the recent vulnerabilities you would need to upgrade your hardware and then install the latest fixed version of ASA or FTD (depending on which you go for.)

--
Please remember to select a correct answer and rate helpful posts

Jerome BERTHIER · ‎05-02-2024

Seriously ?

There is so much CVE issue applicable to such an old ASA version ! It is a crazy situation.

I don't know what you expect to protect with that but if it is exposed to Internet, I guess it might be already compromised. As @Marius Gunnerud said, just upgrade to a supported hardware and a supported code.

Good luck.