Security Alert! Is your company using a Cisco ASA Firewall?

If your company is using a Cisco ASA Firewall, please inform your IT Department that they need to apply the ASA software update/patch as soon as possible.

Cisco has just published an advisory for a very serious vulnerability that exists with the Cisco ASA Security Appliances that could allow a hacker to reboot and modify the firewall configuration.

The list of devices affected are:

  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Cisco ASA 1000V Cloud Firewall
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco Firepower 9300 ASA Security Module
  • Cisco ISA 3000 Industrial Security Appliance

 

This is such a critical security issue that Cisco is making the security patch available to customers who DO NOT have a SmartNet Service Contract.

 

Below is an excerpt from Cisco:

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC):
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

 

For a detailed description of this critical vulnerability, please reference the following Cisco URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

Please note that older Cisco ASA devices will also need to upgrade their Cisco ASA Software to the latest version. If your Cisco ASA Firewall is running 8.3 version or older, a complete reconfiguration of the firewall may be required.

Contact us if you need help upgrading your Cisco ASA software.  We are available to work with you to ensure your business’ security.

Originally published on February 11, 2016

Be a thought leader and share:

Subscribe to Our Blog

About the Author

Cybersecurity and Compliance Cybersecurity and Compliance

Organizations entrust Centre with protecting their technology ecosystem and strengthening their security posture. Centre’s cybersecurity and compliance solutions delivers layered IT security to protect businesses’ employees, customers, and content from known and unknown threats. Through employee awareness training, detailed security assessments, and 24x7 threat containment, Centre is a trusted partner for businesses seeking comprehensive network and data protection. Learn more about Cybersecurity and Compliance »

Follow on LinkedIn »