NetWorks Group Blog

Critical Vulnerability Advisory: Cisco ASA Remote Code Execution & DOS Vulnerability - Updated - Additional Patching Required

Posted by NetWorks Group on Feb 5, 2018 2:08:51 PM

Cisco ASA Remote Code Execution & DOS Vulnerability

Release Date (01-29-2018) - Updated (02-05-2018) CVE-2018-0101

Affected Products - Must have WebVPN enabled to be vulnerable

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 4120 Security Appliance
  • Firepower 4140 Security Appliance
  • Firepower 4150 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)
  • FTD Virtual

Vulnerability Details

After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. The original fix was also found to be incomplete, so new fixed code versions are now available.

Topics: Information Security, Threat Advisory

Critical Vulnerability Advisory: Cisco ASA Remote Code Execution & DOS Vulnerability

Posted by NetWorks Group on Jan 30, 2018 4:05:47 PM

Cisco ASA Remote Code Execution & DOS Vulnerability

Release Date (01-29-2018) CVE-2018-0101

Affected Products - Must have WebVPN enabled to be vulnerable

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)

Vulnerability Details

This vulnerability affects an unknown function of the SSL VPN component within the ASA. It is triggered by an attempt to double free a region of memory while the VPN component is active on the ASA. An attacker could exploit this vulnerability by sending multiple crafted XML packets to a webvpn-configured interface on the affected system.

Topics: Information Security, Threat Advisory

Spectre & Meltdown: Important Vulnerability Advisory

Posted by Amanda Berlin on Jan 4, 2018 4:09:27 PM

Spectre

Release Date (01-03-18) CVE-2017-5753 & CVE-2017-5715

Topics: Ethical Hacking, Threat Management, Threat Advisory

KRACK Vulnerability: Details and Moving Forward

Posted by Matt Warner on Oct 18, 2017 9:10:00 AM

KRACK, or Key Reinstallation Attack, is a vulnerability in the WPA2 wireless security protocol. The majority of Wi-Fi network implementations at this time are vulnerable to this attack because it exploits the protocol itself and not any specific brand or solution. As a whole, KRACK is focused on clients more than on APs; however, both need to be appropriately updated to avoid the vulnerabilities that make up KRACK. Do not switch to a different encryption scheme in place of an already stable implementation of WPA2, as WPA2 is still more secure than WEP or WPA despite this vulnerability.

Topics: Ethical Hacking, Threat Management, Threat Advisory

Equifax breach: A learning opportunity to get ahead of the constant threats

Posted by Amanda Berlin on Sep 8, 2017 12:10:43 PM

If you haven’t heard already, Equifax, one of the “big-three” U.S. credit bureaus, has announced a data breach that may have affected 143 million Americans, including consumer Social Security numbers, birth dates, addresses and some driver’s license numbers. For a good rundown of what has transpired so far, Krebs on Security has a solid in-depth article on it here. Every time there is a breach in the news, most other outlets swarm to a few different types of articles. Some popular directions are attribution, defense advice, or sensationalist journalism.

Topics: Managed Detection & Response, Ethical Hacking, Information Security, Threat Advisory

Healthcare vs. Hackers: Nobody has Died (Yet)

Posted by Scot Armstrong on Aug 16, 2017 10:11:20 AM

A few years back I had a lunch meeting with two IT Security veterans. One remarked, “There’s been no Pearl Harbor or 9/11 in cyber security. Nobody has ever died because of hacking.” If there had been, there would have been a “rallying cry” or a massive response.

Topics: Information Security, Threat Management, Threat Advisory, Healthcare

VENOM - Xen, KVM, and QEMU Virtualization - High Vulnerability Advisory

Posted by NetWorks Group on May 13, 2015 10:24:00 AM

VENOM (Virtualized Environment Neglected Operations Manipulation)

If you are currently using Xen, KVM or QEMU virtualization products, you need to apply patches. VMware and Microsoft Hyper-V virtualization products are not affected.

Topics: Threat Hunting, Vulnerability Management, Threat Management, Threat Advisory

Cisco UCS Central Software - Critical Vulnerability Advisory

Posted by NetWorks Group on May 8, 2015 9:08:00 AM

Affected Product
Cisco UCS Central Software versions 1.2 and earlier

If you are currently running Cisco UCS Central Software, you should update the software immediately.

Topics: Device Management, Information Security, Threat Advisory
