When exploited, this vulnerability, known as CVE-2018-0101, allows the attacker to see all of the data passing through the system and provides them with administrative privileges, enabling them to remotely gain access to the network behind it. Targeting the vulnerability without a specially-crafted exploit would cause the firewall to crash and would potentially disrupt the connectivity to the network.
The global cyber security and risk mitigation expert found that the vulnerability affects routers and, because most firewalls are configured to provide VPN access, it affects most businesses using a Cisco ASA firewall.
Businesses can protect themselves by implementing a patch, which Cisco has been quick to release following the discovery of this vulnerability. It is also recommended that organisations consider upgrading their firewalls to one of the most recent branches in order to safeguard against potential zero-day vulnerabilities.
This vulnerability can only be triggered if remote AnyConnect or WebVPN access is enabled, which is a common configuration for these firewalls. Large enterprises or those with more sophisticated routers are potentially at more risk due to the increased capability for remote access.
Ollie Whitehouse, global chief technical officer at NCC Group, said: “While this is an extremely serious vulnerability, it’s important to commend Cisco for how swiftly the company took action when this issue was brought to its attention. The company has responded diligently and in reacting so quickly, has demonstrated best practice to the rest of the industry.
“The threat of cybercrime is more significant than it has ever been, and is one of the most serious threats affecting the business community. The fact that this vulnerability was found in a firewall designed to prevent unauthorised access only reinforces the fact that nothing can ever be 100% secure – spreading this knowledge is crucial.
“The best way businesses can mitigate the majority of these types of threats is by keeping their software, including operating systems and firewalls, up to date.”
For more information from Cisco about this vulnerability and software update visit.
Cedric Halbronn, Senior Researcher at NCC Group, will be at REcon Brussels on 02-04 February 2018 to discuss discovering and exploiting a vulnerability in firewalls with Robin Hood vs Cisco ASA AnyConnect.