Cisco has released a security advisory regarding numerous, serious vulnerabilities discovered in its Adaptive Security Appliance (ASA) firewall software. Our Cisco Certified Security Professional Jeff Mertz has analyzed this advisory in detail on Cisco ASA firewall security. Based on the configurations and documentation in our records, we have determined the following:
- Our managed service (Your Net) clients are not affected.
- The vast majority of our other (non-managed service) clients are also not at risk. We have sent out an email communication to these clients. We are in direct contact with a select few clients who may need software updates.
However, if you are a non-managed service client with a Cisco ASA firewall whose software has been modified by an internal staff member or other supplier since the initial Safety Net install, you could be vulnerable and security updates are recommended. Cisco has released patches and workarounds that address the discovered vulnerabilities.
It is important to note that no actual bugs have been reported yet related to this flaw. So, we do not believe any potentially affected clients’ data is at immediate risk. These flaws should not expose your data, but could cause downtime or damage to the firewall.
If you do not have a technical staff member who is trained in Cisco ASA firewall security, contact our Support Team so they can evaluate any potential risk and update your software (if needed) to patch this flaw.