Cisco ASA/FTD Web Services Denial of Service Vulnerability
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This section explains the vulnerability in everyday language, so anyone can understand the risk and impact.
This security flaw affects Cisco's popular firewall products (ASA and FTD). When these devices have their web interface enabled, an attacker from the internet can send specially crafted network requests that could crash the device or make it stop working properly. This doesn't give the attacker control of the firewall, but it could disrupt network operations and require the device to be restarted.
The vulnerability has gained attention as part of the 'ArcaneDoor' campaign, where attackers are actively trying to exploit this and similar weaknesses in Cisco devices. This is particularly concerning because these firewalls are often used by large organizations to protect their networks.
Affected Products
Remediation
1. Upgrade to the latest ASA or FTD software version that includes the security fix
2. If immediate upgrade is not possible, disable the web services interface if not required
3. Implement access control lists (ACLs) to restrict access to the web services interface to trusted IP addresses only
4. Monitor for suspicious activity targeting the web interface
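Steps 2 and 3 can be checked against a saved running-config. The following is an added example, not code from Cisco or from this page. It assumes the "web services interface" corresponds to the HTTPS management server (`http server enable`) and the SSL VPN portal (`webvpn` with `enable <interface>`), handles IPv4 `http` allow entries only, and uses a constructed config excerpt.

```python
import ipaddress
import re

# Constructed ASA running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
http server enable
http 0.0.0.0 0.0.0.0 outside
http 10.20.0.0 255.255.255.0 mgmt
webvpn
 enable outside
 anyconnect enable
!
"""

HTTP_ALLOW = re.compile(r"http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")


def audit_web_services(config):
    """Return (check, interface, action) findings for web-service exposure."""
    http_enabled = False
    http_any = []       # interfaces where HTTPS management accepts any IPv4 source
    webvpn_ifaces = []  # interfaces with the SSL VPN web portal enabled
    in_webvpn = False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # A top-level line opens or closes the webvpn sub-mode.
            in_webvpn = line == "webvpn"
        if re.fullmatch(r"http server enable( \d+)?", line):
            http_enabled = True
        elif (m := HTTP_ALLOW.fullmatch(line)):
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            if net.prefixlen == 0:
                http_any.append(m[3])
        elif in_webvpn and (m := re.fullmatch(r"enable (\S+)", line)):
            webvpn_ifaces.append(m[1])
    findings = []
    if http_enabled:
        # Allow entries only matter while the HTTP server is running.
        findings += [("http-any-source", i, "restrict to trusted subnets") for i in http_any]
    findings += [("webvpn-enabled", i, "disable if not required") for i in webvpn_ifaces]
    return findings


if __name__ == "__main__":
    for finding in audit_web_services(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

An empty result means no any-source management entry and no enabled web portal were found in the config text. It does not confirm that the device runs a fixed software version.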
Sources & References
- Vendor: Cisco Security Advisory
- Advisory: CISA KEV Catalog