Skip to main content

Cisco fixes firewall bugs that opened door to DoS attacks

(Image credit: Flickr / Prayitno)

Researchers have discovered a pair of serious vulnerabilities in Cisco's ASA firewall, which could allow criminals to block VPN connections and even penetrate corporate networks, stealing valuable data in the process.

This is according to cybersecurity experts Mikhail Klyuchnikov and Nikita Abramov from Positive Technologies, who discovered the flaws and alerted Cisco.

The first (CVE-2020-3187) was described as relatively simple vulnerability that could be exploited even by a “low-skilled hacker” and was handed a severity score of 9.1 (which classifies the flaw as "critical").

It revolves around a vulnerability in WebVPN that could open the door to a DoS attack against Cisco ASA device by deleting files from the system. By doing so, the hackers could also disable the VPN connection.

The second vulnerability (CVE-2020-3259) was given a severity score of 7.5. It allows hackers to read parts of the device dynamic memory and obtain the current session IDs of Cisco VPN users. Hackers could then use the IDs to infiltrate the corporate network and steal valuable data such as login credentials, emails and certificates.

According to the researchers, this vulnerability does not require authorisation and can be exploited remotely. 

"VPN blocking may disrupt numerous business processes. For example, this can affect connection between branch offices in a distributed network, disrupt email, ERP, and other critical systems,” said Klyuchnikov.

“Another problem is that internal resources may become unavailable to remote workers. This is especially dangerous now that many employees are working remotely due to the coronavirus outbreak."

Both flaws can be remedied by updating Cisco ASA to the latest available version.