What vulnerabilities in Cisco firewalls are being exploited?

The article states that CISA is tracking active exploitation of two security flaws in Cisco's Adaptive Security Appliance (ASA) software, which powers a range of enterprise-grade firewalls.

How have the Cisco firewall vulnerabilities impacted federal agencies?

According to the article, some federal agencies are still vulnerable to the threats outlined in CISA's directive, despite the agency ordering them to patch their affected systems.

What happened to the Congressional Budget Office (CBO)?

The article reveals that the CBO was recently hacked, allowing suspected foreign hackers to steal the agency's emails and chat logs between lawmakers' offices and CBO researchers. This breach may have been facilitated by an unpatched Cisco firewall at the CBO.

Home / Technology / Cybersecurity Agency Warns of Active Exploitation of Cisco Firewall Flaws

Cybersecurity Agency Warns of Active Exploitation of Cisco Firewall Flaws

13 Nov

•

Summary

CISA tracking active exploitation of Cisco firewall vulnerabilities since September
Some federal agencies still vulnerable despite patch directive
CBO hacked, suspected foreign hackers stole emails and chat logs

Cybersecurity Agency Warns of Active Exploitation of Cisco Firewall Flaws

According to a recent advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), federal government departments are not sufficiently patching their systems to protect against an ongoing hacking campaign targeting Cisco firewalls. CISA stated that it has been "tracking active exploitation" of two security vulnerabilities in Cisco's Adaptive Security Appliance (ASA) software since September.

The agency issued an emergency directive ordering agencies to patch their affected systems, but some departments remain vulnerable to the threats outlined in the directive. While CISA did not disclose which government agencies had been compromised, it urged all organizations using the impacted Cisco devices to update to the latest patch version to avoid exploitation.