Snodgrass Security Update
Vulnerability Name: Cisco ASA and Cisco FTD Firewall Appliances
(multiple vulnerabilities discovered)
Platform or Software Package(s) Affected: Cisco ASA (prior to version
9.20.3.4) and Cisco FTD Firewall Appliances (prior to version 7.4.2)
Criticality: Highly Critical (9.0–9.9/10 depending on vulnerabilities)
Recommended Action: Update to newer versions provided by Cisco as
soon as possible.
Overview of Concern and Overview of Remediation:
Multiple vulnerabilities with these two products provided by Cisco have
remote code execution vulnerabilities that (if left unpatched) can lead to
complete compromise of the firewall. Some require valid VPN credentials
that can then allow them to compromise the firewall that utilizes the VPN,
while others discovered can allow an unauthenticated attacker the ability to
perform a remote code execution attack against the firewall and
compromise these systems.
