Cisco VPN Bug Rates 10 Out of 10

FrgMstr

If you are a system admin and use Cisco's ASA OS for network security devices, well, there is an upcoming security issue with your security and you likely need to secure it this week, because the exploit goes public this weekend. This exploit will be attached to the Cisco WEBVPN feature and if exploited can give the attacker full control of the system. If you have any ASA or Firepower products, you need to get your ducks in line now and the bug applies to FTD 6.22. And thankfully there is a quick check you can run to determine if you have the issue with your system. Thanks to Monkey34 for the heads up!



This vulnerability affects devices that are running a vulnerable release of Cisco ASA Software where the webvpn feature is enabled. In addition to webvpn being globally configured there must be one enabled interface via the enable <if_name> in the configuration. To determine whether webvpn is enabled for at least one interface, administrators can use the show running-config webvpn command at the CLI and verify that the command returns at least one enable <if_name> line.
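
The check quoted above, scripted for saved "show running-config webvpn" output from many devices (an added example, not part of the thread or of Cisco's advisory). Device names and sample configs are constructed, and the script tests only the webvpn-enabled condition, not whether the software release is a vulnerable one.

```python
import re

# "enable <if_name>" counts only when "enable" is the first word on the line,
# so "anyconnect enable" and "tunnel-group-list enable" are not matches.
ENABLE_RE = re.compile(r"^\s+enable\s+(\S+)")


def webvpn_enabled_interfaces(config_text):
    """Return interface names from 'enable <if_name>' lines in the global webvpn block."""
    interfaces = []
    in_webvpn = False
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Top-level line: only a bare "webvpn" opens the global block.
            # An indented "webvpn" under a group-policy is a different sub-mode.
            in_webvpn = line.strip() == "webvpn"
            continue
        if in_webvpn:
            match = ENABLE_RE.match(line)
            if match:
                interfaces.append(match.group(1))
    return interfaces


def triage(captures):
    """Map device name -> webvpn-enabled interfaces, omitting devices with none."""
    result = {}
    for name, text in captures.items():
        ifaces = webvpn_enabled_interfaces(text)
        if ifaces:
            result[name] = ifaces
    return result


# Constructed sample captures (hypothetical device names, not real devices).
SAMPLES = {
    "asa-edge-1": "webvpn\n enable outside\n anyconnect enable\n tunnel-group-list enable\n",
    "asa-edge-2": "webvpn\n anyconnect enable\n",
    "asa-lab-3": "group-policy GP1 attributes\n webvpn\n  anyconnect keep-installer installed\n"
                 "webvpn\n enable outside\n enable dmz\n",
    "asa-core-4": "",
}

if __name__ == "__main__":
    for device, ifaces in triage(SAMPLES).items():
        print(f"{device}: webvpn enabled on {', '.join(ifaces)}")
```

Devices the script lists meet the configuration condition in the advisory text; whether they need the patch still depends on the release they run.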
 
Just as my company is putting a new pair of these in. We got the VPN functions moved over to them, and were about to change over to full duty for them, and we hear about this. Great...
 
well, thank goodness we only have this enabled on one of our many ASAv's deployed.

still....gonna upgrade one might as well upgrade them all.
 
Just finished phasing my Cisco firewalls, took the last one off-line last month.

For once I'm ahead of the curve :D
 
the whole "announced on tuesday, and here's the exploit on saturday" thing is BS... i've got 80 asa's that my 4 man shop isn't gonna be able to get patched and FUNCTIONING by then.
 

Ouch. How the heck does a 4 man shop warrant 80 ASAs? What does the company do?
 

I think they mean that there's 4 people who can do the work in the company to perform the updates. The company as a whole is much larger than 4 people.
 
Well, if that's the case, I'd be recruiting some of the other admins, if they're capable enough, which they usually are. When I was the admin for my old test lab, I was more experienced in Windows, hardware, and storage, but I wound up being wrangled to do firmware updates for the network and SAN equipment. It's not that hard to do, unless something goes wrong, but that's pretty rare.
 
Fact is, it doesn't matter what segment of IT you're in. The next few years are going to be interesting. As in "May you live in interesting times."
 
Ouch. How the heck does a 4 man shop warrant 80 ASAs? What does the company do?

I would assume companies with a plural. The 4 man shop is his consulting shop, and they have a lot of customers affected by this.
 

That would definitely be a problem. I'd be looking to contract out in that case.
 
Fact is, it doesn't matter what segment of IT you're in. The next few years are going to be interesting. As in "May you live in interesting times."

Things have gotten easier and safer over the years. I don't expect too many "interesting" situations in the next decade, but I do expect another surge of capabilities due to increasing core counts. AMD has changed the game back toward advancement again. We may see more automation and virtualization, but I don't expect too much disruption from how we do things now.
 
FYI:

1. The exploit has now been seen in use in the field.
2. The vulnerability is even worse than originally thought.....and there are NEW patches out to replace the ones they first released.

Once exploited, the devices allow remote hackers to seize administrative control of networks and to monitor all traffic that passes through them.

https://arstechnica.com/information...erability-cisco-dropped-is-now-under-exploit/
 