Waltham, MA – February 2, 2018 – Cisco has issued a major update to this advisory as more detail has come to light. What’s changed?
- Two bugs have been appended to the advisory, which details newly discovered attack vectors closely associated with the initial bug/advisory announced last week. That is why this advisory was updated, as opposed to a new one being issued.
- Thirteen new features were added to the advisory; if any of them is deployed, Cisco FWs will be vulnerable at some level. Your FWs must be checked for any of this offending configuration to know whether you’re vulnerable to the advisory. In addition, the ‘asp table’ should be checked to verify whether the device is listening for SSL – the exact command is given in the advisory.
- Cisco spun up new code to address these newly described vulnerabilities. No existing code, other than what’s given in the advisory, is remediated. This means the list of fixed code has now completely changed – software revisions that were considered remediated before should NOT be considered remediated for now.
The researcher responsible for discovering this exploit made the unfortunate decision to reveal the full mechanics of it at his presentation at the Defcon conference on Friday. Given the ease of exploitation and other characteristics, this obviously heightens the concern when assessing your risk.
NWN is currently working on mitigation details for Managed Security Service customers with firewalls under support. A team member will be reaching out with an action plan to remediate this advisory.