Security Alert: Cisco ASA, FMC, and FTD Software Security Advisory

May 13, 2020 | Posted in: Systems Engineering Alert, IT Security

Cisco released a collection of 12 Security Advisories for Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC) software. The collection includes High Risk Vulnerabilities that could give an attacker unauthenticated access to the affected device's file system. This vulnerability can also cause a Denial of Service (DoS) condition, in which a firewall would be unable to pass internet traffic and would require a system reboot.

Because of COVID-19, many businesses have moved to a large remote workforce, and a DoS scenario could have a significant impact on remote employees. For this reason, we recommend that our customers plan for the necessary firmware upgrades to ensure they are not affected by these vulnerabilities.

While most of these vulnerabilities require some very specific and uncommon features to be in use, there are four vulnerabilities that can affect most ASA and FTD firewalls. The vulnerability results in a DoS condition, which is a resource availability concern far more than a data compromise or security concern.

Cisco has addressed and resolved this vulnerability by providing an ASA and FTD firmware update. The recommended upgrade versions below patch all 12 vulnerabilities. The code versions are as follows:

  • Adaptive Security Appliance (ASA): 9.8(4)20
  • Firepower Threat Defense (FTD):
  • Firepower Management Center: + Hotfix AA

Course of Action

Systems Engineering has determined that this vulnerability impacts multiple customers. To prevent this vulnerability from being exploited, customers who subscribe to EventWatch, Network Security, or IT Essentials will be contacted to arrange a convenient downtime window to patch affected ASA and FTD firewalls.

For those who are not covered under one of the services mentioned above and are using the vulnerable ASA and FTD firewalls specified above, we recommend making arrangements to patch the vulnerabilities independently.

For more information on secure collaboration tools, reach out to Systems Engineering at info@systemsengineering.com, or 888.624.6737. Customers, please reach out to your Account Manager.
