Cisco hit with software and physical issues

Cisco Systems has been hit with an unusual double-whammy of issues, one of them in software and one in hardware.

First, the more serious issue, a firewall flaw. Security researcher Positive Technologies, which hunts for security vulnerabilities, posted a warning that a vulnerability in Cisco firewall appliances could allow hackers to cause them to fail.

The problem is in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls. Forrester Research says there are more than a million of them deployed worldwide. Positive assessed the severity level of vulnerability as high and recommended users should install updates, which are available, as soon as possible.

Positive Technologies’ researcher Nikita Abramov wrote “If hackers disrupt the operation of Cisco ASA and Cisco FTD, a company will be left without a firewall and remote access (VPN). If the attack is successful, remote employees or partners will not be able to access the internal network of the organization, and access from the outside will be restricted.”

He added that an attacker doesn’t need elevated privileges or special access to exploit the vulnerability, just a simple HTTPS request, in which one of the parts will be different in size than expected by the device. Further parsing of the request will cause a buffer overflow, and the system will be abruptly shut down and then restart.

In its own blog post on the subject, Cisco said the vulnerabilities are due to improper input validation of HTTPS requests. An attacker could send a malicious HTTPS request to an affected device causing it to restart, resulting in a denial of service (DoS) condition.

Cisco said exploitation of this vulnerability can cause a memory leak, so users can set an alert to high memory usage as a sign of an attack.

Cisco is aware of the problem, and the blog post tells how to get updates that address them.

Loose Screws

On the more mundane side of things, Cisco has posted an alert warning owners of its Unified Compute Systems (UCS) that the UCS X9508 chassis that houses the servers may have a screw loose. The company said the Power Entry Module (power supply) for a small number of UCS 9508 units might not be screwed in tight in the chassis and could be pulled out when power cord is unplugged from the chassis.

“The captive screws designed to secure the PEM were not correctly tightened and some chassis were shipped with the module improperly secured.” As a result, “The PEM might slide out of the chassis when the power cord is removed.” The PEM has two power cords.

This doesn’t require a patch or download, just a T10 torx head driver. Cisco advises powering down the server but not removing the plugs or PEM before tightening the screws.