Clients of tech support services in Ottawa who run Cisco devices in their environment should be aware of a vulnerability within the Cisco Adaptive Security Appliance (ASA) and Next-Gen Firewall platforms. When exploited, these vulnerabilities can lead to remote execution and denial of service attacks. Cisco has released a security advisory on the issue which describes the vulnerability as critical and urges all Cisco users to patch their devices immediately. Though what exactly is the vulnerability?
The vulnerability is present in the XML parser featured in the ASA and Firepower Threat Defence (FTD) software. The problem arises when the parser is allocating and freeing up memory for XML packets. Using a crafted XML packet, an attacker can exploit the vulnerability leading them to gain control of or reload the system, and stop the processing of VPN authentication requests. In order for a system to be vulnerable, the affected device needs to be configured with Secure Socket Layer (SSL) or Internet Key Exchange version 2 (IKEv2) enabled on the target interface. Cisco’s Product Security Incident Response Team have also reported that the vulnerability is being used in the wild, managed services clients in Ottawa should class patching their Cisco appliances as a high priority.
As the earthquake that was the discovery of Spectre-Meltdown resonated around the world in early January, cloud security was hit with a critical aftershock affecting EMC products. Users of computer services in Ottawa, who run any EMC Networker, Integrated Data Protection appliance, or Avamar, should assess the level of patching as 3 vulnerabilities where discovered that give unauthorized users unfettered access to their system.
CVE-2017-15548 describes vulnerabilities within the EMC software packages that can potentially allow an unauthenticated user to bypass authentication mechanisms and gain unauthorized root access to affected systems. CVE-2017-15549 details vulnerabilities that can allow a user with low privileges to upload files to any location on a server. CVE-2017-15550 tells of a path traversal vulnerability that allows a low privilege user to access files on a server. These attacks require the malicious user to be on the network, but if they already have a presence on the network, it is possible for them to remotely use these vulnerabilities.
Although these vulnerabilities are more than 4 weeks old, clients using IT consulting in Ottawa should no less check to see that, if they are running the affected systems, that they are patched. If patching has to be delayed, ensure to monitor logs for suspicious activity as vulnerabilities like these when exploited, can cause deep problems for your organization.