Network technologies and trends

Aug 26 2016   6:17AM GMT

Shadow Brokers group and Cisco exploit

Yasir Irfan

Tags:
ASA
Cisco
NSA
Security
SNMP
Software
vulnerability

The recent claim by the Shadow Brokers group to have stolen hacking tools that may belong to the National Security Agency (NSA) has drawn the attention of the major security vendors. Cisco has acknowledged a vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) software that could allow an authenticated remote attacker to cause a reload of the affected ASA or to execute arbitrary code on it. The only prerequisites for exploitation are the ability to send SNMP packets to an interface on which SNMP is enabled, plus knowledge of the SNMP community string for SNMP version 1 or version 2c, or a valid username and password for SNMP version 3.

The following products are affected:

Cisco ASA 5500 Series Adaptive Security Appliances

Cisco ASA 5500-X Series Next-Generation Firewalls

Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers

Cisco ASA 1000V Cloud Firewall

Cisco Adaptive Security Virtual Appliance (ASAv)

Cisco Firepower 4100 Series

Cisco Firepower 9300 ASA Security Module

Cisco Firepower Threat Defense Software

Cisco Firewall Services Module (FWSM)

Cisco Industrial Security Appliance 3000

Cisco PIX Firewalls

Initially, the workaround Cisco offered was to allow only trusted users SNMP access to the affected products, using the snmp-server host command to limit which hosts may poll the appliance. Keep in mind that an SNMPv1/v2c community string is sent in cleartext and that SNMP runs over UDP, so a host restriction alone is weaker than moving the monitoring hosts to SNMPv3 with authentication and privacy.

The following link provides step-by-step guidance on how SNMP is configured in the Cisco ASA:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/monitor-snmp.html

This is a long-standing best practice and should be followed regardless, but it reduces exposure rather than removing the bug: an attacker who controls an allowed monitoring host, or who can spoof its source address for SNMPv1/v2c, can still reach the vulnerable code. It is worth revisiting every Cisco security appliance configuration and reviewing the SNMP settings thoroughly.

Cisco has also released fixed software versions for this vulnerability:

Fixed Releases

Cisco ASA major release    First fixed release
7.2                        Affected; migrate to 9.1.7(9) or later
8.0                        Affected; migrate to 9.1.7(9) or later
8.1                        Affected; migrate to 9.1.7(9) or later
8.2                        Affected; migrate to 9.1.7(9) or later
8.3                        Affected; migrate to 9.1.7(9) or later
8.4                        Affected; migrate to 9.1.7(9) or later
8.5                        Affected; migrate to 9.1.7(9) or later
8.6                        Affected; migrate to 9.1.7(9) or later
8.7                        Affected; migrate to 9.1.7(9) or later
9.0                        9.0.4(40)
9.1                        9.1.7(9)
9.2                        9.2.4(14)
9.3                        9.3.3(10)
9.4                        9.4.3(8) (ETA 8/26/2016)
9.5                        9.5(3) (ETA 8/30/2016)
9.6 (FTD)                  9.6.1(11) / FTD 6.0.1(2)
9.6 (ASA)                  9.6.2

The fixed-release table shows that every ASA train before 9.0 (7.2 through 8.7) is affected with no fix on that train and must migrate to 9.1.7(9) or later, so before upgrading, confirm that the hardware has enough memory for a 9.x image. Note also that at the time of writing the 9.4 and 9.5 fixes were still pending (see the ETAs in the table). It is best to contact Cisco TAC for advice on how to proceed with the upgrade.
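As an added example (not Cisco's code and not part of the original post), the following Python script performs the two checks discussed above over a saved ASA running-config: it compares the running version against the fixed-release table, and it audits the snmp-server lines for the exposure the workaround is meant to reduce. The two config texts are constructed for the example; the treatment of an interface named "outside" as untrusted and the list of weak default community strings are assumptions, not ASA behaviour.

```python
import re

# First fixed release per ASA major train, copied from Cisco's table as
# reproduced in the post. Trains 7.2 through 8.7 have no fix of their own and
# must migrate to 9.1.7(9) or later. "9.6" here is the ASA train; Firepower
# Threat Defense (FTD) has its own fixed build and is not modelled.
FIRST_FIXED = {
    "9.0": "9.0.4(40)", "9.1": "9.1.7(9)", "9.2": "9.2.4(14)",
    "9.3": "9.3.3(10)", "9.4": "9.4.3(8)", "9.5": "9.5(3)", "9.6": "9.6.2",
}
MIGRATE_TARGET = "9.1.7(9)"
# Assumption: well-known default community strings worth flagging on sight.
WEAK_COMMUNITIES = {"public", "private", "cisco"}

_VER = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\((\d+)\)(\d+)?)?")


def parse_version(v):
    """Normalise both notations to (major, minor, maintenance, interim):
    advisory style '9.1.7(9)' and 'show version' style '9.1(7)9'.
    A bare '9.5(3)' is maintenance release 3 with no interim build."""
    m = _VER.fullmatch(v.strip())
    if not m or (m.group(3) and m.group(5)):
        raise ValueError(f"unrecognised ASA version: {v!r}")
    major, minor, dot, paren, trail = m.groups()
    if dot is not None:                                   # a.b.c(d)
        return (int(major), int(minor), int(dot), int(paren or 0))
    return (int(major), int(minor), int(paren or 0), int(trail or 0))  # a.b(c)d


def check_version(running):
    """Return (fixed, advice) for a running ASA version string."""
    rv = parse_version(running)
    train = f"{rv[0]}.{rv[1]}"
    if train not in FIRST_FIXED:
        if rv[:2] < (9, 0):
            return False, f"train {train} has no fixed release; migrate to {MIGRATE_TARGET} or later"
        return False, f"train {train} is not in the fixed-release table; check the Cisco advisory"
    first = FIRST_FIXED[train]
    if rv >= parse_version(first):
        return True, f"{running} is at or above first fixed release {first}"
    return False, f"{running} is vulnerable; upgrade to {first} or later on the {train} train"


def _after(parts, key):
    """Token following `key` in a tokenised config line, or None."""
    i = parts.index(key) if key in parts else -1
    return parts[i + 1] if 0 <= i < len(parts) - 1 else None


def audit_snmp(config_text):
    """Flag SNMP settings in an ASA running-config that widen exposure to the
    SNMP bug: an unfixed version, v1/v2c polling hosts (the community string
    is the only secret, and it travels in cleartext), weak community strings,
    and polling permitted on an interface named 'outside' (a naming
    convention assumed here, not something the ASA enforces)."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"ASA Version (\S+)", line)
        if m:
            fixed, advice = check_version(m.group(1))
            if not fixed:
                findings.append(f"version: {advice}")
            continue
        parts = line.split()
        if parts[:2] == ["snmp-server", "host"] and len(parts) >= 4:
            iface, host = parts[2], parts[3]
            if _after(parts, "version") != "3":
                findings.append(f"host {host} on {iface} polls with SNMPv1/v2c; move it to SNMPv3 authPriv")
            if iface == "outside":
                findings.append(f"host {host} is allowed SNMP on '{iface}'; restrict SNMP to management interfaces")
            comm = _after(parts, "community")
            if comm and (comm.lower() in WEAK_COMMUNITIES or len(comm) < 8):
                findings.append(f"host {host} uses weak community string {comm!r}")
        elif parts[:2] == ["snmp-server", "community"] and len(parts) >= 3:
            comm = parts[2]
            if comm.lower() in WEAK_COMMUNITIES or len(comm) < 8:
                findings.append(f"global community string {comm!r} is weak; use a long random value or SNMPv3")
    return findings


# Constructed sample configs (not from a real appliance): one as a
# configuration review might find it, and its hardened form.
WEAK_CONFIG = """\
ASA Version 9.1(6)
hostname asa-edge
snmp-server host outside 203.0.113.10 community public version 2c
snmp-server host inside 10.0.0.5 version 3 netmon
snmp-server group netmon-grp v3 priv
snmp-server user netmon netmon-grp v3 auth sha ******** priv aes 128 ********
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
"""

HARDENED_CONFIG = """\
ASA Version 9.1(7)9
hostname asa-edge
snmp-server host inside 10.0.0.5 version 3 netmon
snmp-server group netmon-grp v3 priv
snmp-server user netmon netmon-grp v3 auth sha ******** priv aes 128 ********
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{name}]")
        for finding in audit_snmp(cfg) or ["no findings"]:
            print("  -", finding)
```

Run it against the output of `show running-config` saved to a file (read the file and pass its text to audit_snmp). The version parser accepts both the advisory notation and the notation `show version` prints, which is the usual source of confusion when checking a box against the table.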
