Cisco Bug could lead to DoS Condition in Firewall

A vulnerability in Cisco’s firewall products that could be exploited to achieve denial of service. tracked as CVE-2021-34704 with a CVSSv3.0 score of 8.6, was found in the networking giant’s Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls.

Elevated privileges are not required by an attacker to exploit the vulnerability. A simple request in which one of the parts will be different in size than expected by the device to exploit it. Further parsing of the request will cause a buffer overflow and the system will be abruptly shut down and then restarted.

If hackers disrupt the operation of Cisco ASA and Cisco FTD, leading to a disruption in firewall and remote access (VPN) services. If the attack is successful, remote employees or partners will not be able to access the internal network of the organization, and access from the outside will be restricted.

Cisco warns that multiple vulnerabilities were discovered in the web services interface of Cisco ASA and Cisco FTD that could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition, due to improper input validation when parsing HTTPS requests and that an attacker could exploit them by sending a malicious HTTPS request to an affected device.

Cisco has released software updates that address these vulnerabilities but it’s worth noting that there are no workarounds which means you will have to install the software update if you own a device running Cisco ASA or Cisco FTD with a vulnerable AnyConnect or WebVPN configuration.

To determine if Cisco ASA or Cisco FTD has a vulnerable feature configured, users will need to use the show-running-config CLI and check to see if “crypto ikev2 enable client-service port” or “webvn enable” are configured. If this is the case, Cisco recommends that you install its updates as soon as possible to prevent falling victim to any potential attacks exploiting these vulnerabilities.