All news with #cisco asa tag

CISA Orders Feds to Patch Actively Exploited Cisco Flaws

🔒 CISA has ordered U.S. federal agencies to fully patch two actively exploited vulnerabilities in Cisco firewall appliances within 24 hours. Tracked as CVE-2025-20362 and CVE-2025-20333, the flaws permit unauthenticated access to restricted URL endpoints and remote code execution; chained together they can yield full device takeover. The agency emphasized applying the latest updates to all ASA and Firepower devices immediately, not just Internet-facing units.

Cisco Firewall Zero-Days Now Triggering DoS Reboots

⚠️ Cisco warned that two recently patched firewall vulnerabilities (CVE-2025-20362 and CVE-2025-20333) — previously leveraged in zero-day intrusions — are now being abused to force ASA and FTD devices into unexpected reboot loops, causing denial-of-service. The vendor issued updates on September 25 and strongly urged customers to apply fixes immediately. CISA issued an emergency 24-hour directive for U.S. federal agencies and ordered EoS ASA devices to be disconnected. Shadowserver still reports tens of thousands of internet-exposed, unpatched devices.

Nearly 50,000 Cisco Firewalls Exposed to Active Flaws

⚠️More than 48,800 internet-exposed Cisco ASA and FTD appliances remain vulnerable to two remotely exploitable flaws, CVE-2025-20333 and CVE-2025-20362, that allow arbitrary code execution and access to restricted VPN endpoints. Cisco confirmed active exploitation began before patches were available and no workarounds exist. Administrators should restrict VPN web interface exposure, increase logging and monitoring for suspicious VPN activity, and apply vendor fixes immediately.

CISA Orders Agencies to Patch Cisco ASA/FTD Zero-Days

🔔 CISA has issued Emergency Directive 25-03 requiring Federal Civilian Executive Branch agencies to remediate two actively exploited Cisco vulnerabilities, CVE-2025-20333 and CVE-2025-20362, in ASA and FTD devices. Agencies must inventory appliances, collect forensics, disconnect compromised and end-of-support devices, and apply patches by the stated deadlines. Cisco links the exploitation to the ArcaneDoor campaign, which leverages ROMMON manipulation and in-memory backdoors to maintain persistence.

Cisco warns of ASA firewall zero-days under attack

⚠️ Cisco has warned customers of two actively exploited zero-day vulnerabilities affecting Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software. CVE-2025-20333 enables authenticated attackers to execute arbitrary code remotely, while CVE-2025-20362 allows remote access to restricted URL endpoints without authentication. Cisco's PSIRT reported attempted exploitation and strongly recommends upgrading to fixed software releases.