Home » Blog » Strong Malicious Malware Hits Cisco VPNs

Strong Malicious Malware Hits Cisco VPNs

People might think that once they used a famous or trusted brand, they are using quality. Besides, products from these big companies or tech giants are not cheap. They are expensive because they offer quality and high security.

However, even these tech giants experience vulnerabilities and lapses in their products and bugs in systems.

Just this 2018, Cisco, a known worldwide leader in information technology (IT) and networking, was reported to have bugs in its systems. Cisco has experienced a program slip on its ASA or adaptive security appliance as well as its firepower threat defense software products.

According to reports, the vulnerabilities that were found scored a perfect ten in a Common Vulnerability Scoring System (CVSS) rating. And this bug is present in Cisco’s product with SSL VPN functionality.

Those who have installed the VPN on their computers or devices like the webvpn, this means, that the users who are using this, have their system exposed to the internet. Attackers can easily see their interface and do monitoring or intercepting.

If a user is lucky, an attacker will just ignore this and trigger a denial-of-service attack. However, if the attacker is sneaky and evil, it can intercept the traffic and create suspicious arbitrary codes on your firewall’s network. Something that you don’t want to happen to you or if you are a company, to the rest of the people using your network.

Strong Malicious Malware Hits Cisco VPNs

The Root of the Bug

According to the advisory made by Switchzilla, the bug was caused in the attempt of Cisco to free some memory on some regions of webvpn. In doing this, they have enabled the webvpn feature on the Cisco ASA device. This caused a vulnerability that hackers and attackers can take advantage of. With this vulnerability, they can send crafted XML packets to any webvpn-configured interface. They can send multiple of this on the affected system.

The vulnerabilities have affected over 3000 series of industrial firewalls. It has also affected ASA. The ASAs affected include 5500 and 5500-x firewalls.

Others that were affected by the vulnerability include firewall modules. These firewall modules are for 7600 series routers, and catalyst 6500 switches. Virtual ASA 1000V and ASAv products were also affected by the bug.

The 2100, 4110, and the 9300 ASA module, three firepower appliances as well as the firepower threat defense (ftd) software was also hit but the vulnerability.

Patches on the Vulnerabilities

Cisco has already released a list of ASA systems that were affected. Some of them were hit five years ago. They are also creating patched versions on the affected systems.

The firepower threat defense version 6.2.2, was released last year and also some of the systems that were affected by the bug. Cisco has built its latest version to fix the bug, or, which depends on the hardware the user is using.

If you think your Adaptive Security Appliance Software and Firepower Threat Defense software is affected by the vulnerability, there are already patches that are available.

You need to first revisit your Cisco service contract if the fix is part of the terms. On the other hand, you can also contact your reseller so they can provide the patches on your Adaptive Security Appliance Software and Firepower Threat Defense software

If these do not work, you still have another chance of calling the Cisco Technical Assistance Center in a very, very nice way so they can give you the fix that you needed.

For a multimillion and an IT and networking leader, it is surprising to find some problems with their products. But in this digital age, everything is possible. Everything has vulnerabilities.

Bugs on Other VPNs

Cisco is not the only tech giant that has experienced an unexpected bug in their systems and products.

Other VPN service providers have also reported some vulnerabilities that have put their millions of users at risk. NordVPN and ProtonVPN are some of the big names in the VPN market. They, too, did not escape some bugs on their services and products.

It was found out that a minor slip on their systems can cause attackers to monitor and intercept its many users’ activities and data.

According to NordVPN and ProtonVPN, even though they have vulnerabilities in their systems and products, attackers cannot easily access their traffic as they need to intercept first the computers of their users. Once they are successful with that, they can now connect with their servers and launch scripts or codes that can harm the users.

Even though the vulnerability is not easily hackable, still NordVPN and ProtonVPN are doing patches to fix the bug.

If you are using a VPN and that VPN is launching some newer versions, it means that they are updating their services and patching some vulnerabilities that they have found in the older version.

However, be vigilant in installing some of these updates and make sure that they are from credible sources or from the VPN provider itself.

It is really surprising to have a multi-million IT and networking company to have a ten out of ten rated bugs in their systems and products.

What we can take from here is that tech giants are not excused from having slips like this, whether it is big or small, these slips or vulnerabilities are still dangerous. They can cause millions of damages and put millions of users at risk.

Imagine that 10 products and systems that were affected by the ten rating bug. It can affect a large number of users.

If you think that your system or program is acting the way it should not be, or that there is something malicious going on, it is better to contact your provider and report the situation right away.

You might be the lucky one to have the bug in its system. That is why, before fully getting any damages or potential risk, it is best to report them right away so that proper patches and fixes can be made.

In this day and age, it is always encouraged to be vigilant and careful in using programs and systems. Because technology is getting smarter and so are bugs and malicious software.


Leave a Reply

Your email address will not be published. Required fields are marked *