Unpatched Cisco ASA firewalls targeted by hackers


Attack makes permanent changes.

Network vendor Cisco is urging customers to patch their Adaptive Security Appliance firewalls as soon as possible, after discovering a serious vulnerability is currently being exploited by hackers.


Cisco incident manager Stefano de Crescenzo said users with customised Clientless Secure Sockets Layer Virtual Private Networking portals should review a security advisory to check if their ASAs have been compromised.

The vulnerability is caused by poor authentication and permission checking that allows attackers to remotely modify objects in an in-memory cache file system.

This also applies to the DfltCustomisation customisation object, which allows administrators to create new templates to change the look of the Clientless SSL VPN portal, used for secure remote access to corporate networks.

A successful exploit may allow unauthenticated attackers to modify the content of the Clientless SSL VPN portal and inject malicious code. This in turn could be used for several types of attacks, de Crescenzo said, including credential theft, malware dissemination and cross-site scripting.

De Crescenzo said that as the attack makes permanent changes to the customisation object, reloading or applying a fixed version of the ASA software will not remove the compromise.

Any compromised customisation objects should be deleted, de Crescenzo advised. The default customisation object cannot be deleted, he said, but compromised templates can be overwritten by importing the system DfltCustomisation object.

Researcher Alec Stuart-Muirk reported the vulnerability to Cisco in October 2014.

Copyright © iTnews.com.au. All rights reserved.