Post: Global attacks on Cisco devices: Cyber agencies warn of ongoing crisis
<div>
<div data-element_type="widget" data-id="914a4f5" data-widget_type="shortcode.default">
<div>
<div>
<p><span><b><a href="https://www.redhotcyber.com/post/author/redazione/" target="_blank">Redazione RHC</a>: 29 September 2025 10:40</b></span></p>
<p>Major agencies around the world have raised the alarm about a critical threat to network infrastructure: <em>vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower devices have been targeted by a flurry of attacks</em>. The alert follows the issuance of <a href="https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices" target="_blank">Emergency Directive 25-03</a> by the U.S. <strong>Cybersecurity and Infrastructure Security Agency (CISA)</strong>, requiring all <em>federal civilian agencies to urgently review and secure their devices to stop a large-scale attack campaign.</em></p>
<p>The incident involved the exploitation of several previously unknown vulnerabilities in Cisco systems, allowing unauthorized remote execution of arbitrary code and <strong>even ROM modification to maintain control across reboots and updates.</strong> Both <em>ASA and Firepower Threat Defense were affected.</em></p>
<p>Cisco itself, <a href="https://www.redhotcyber.com/post/gli-hacker-colpiscono-gli-stati-uniti-compromesse-infrastrutture-federali-critiche/" target="_blank">as reported in the previous article,</a> links the attack to the <strong>ArcaneDoor</strong> campaign, first recorded in 2024. While some modern Firepower devices have a Secure Boot mechanism that can detect tampering, a significant number of ASAs remain completely vulnerable.</p>
<p>The situation has resonated well beyond the United States. The French national cybersecurity agency, CERT-FR, <a href="https://www.cert.ssi.gouv.fr/alerte/CERTFR-2025-ALE-013/" target="_blank">published</a> bulletin <strong>CERTFR-2025-ALE-013</strong>, confirming that vulnerabilities <a href="https://www.redhotcyber.com/servizi/cve/?cve_id=CVE-2025-20333" target="_new _blank">CVE-2025-20333</a> and <a href="https://www.redhotcyber.com/servizi/cve/?cve_id=CVE-2025-20362" target="_new _blank">CVE-2025-20362</a> are being exploited in various versions of ASA and FTD.</p>
<p>The Australian Cyber Security Centre (ACSC) <a href="https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/multiple-vulnerabilities-affecting-cisco-asa-5500-x-series-devices" target="_blank">has recommended that</a> ASA 5500-X owners disable IKEv2 and SSL VPN until patches are available.</p>
<p>The Canadian Cyber Security Centre <a href="https://www.cyber.gc.ca/en/news-events/statement-canadian-centre-cyber-security-malware-targeting-global-organizations-through-cisco-systems" target="_blank">has warned</a> of the <em>global spread of sophisticated malware, particularly dangerous for unsupported devices.</em></p>
<p>Directive 25-03 details the actions required of U.S. agencies. By the end of September, organizations <strong>must submit memory dumps of all publicly accessible ASAs to CISA,</strong> deactivate and register any compromised devices, update all software, and <em>begin decommissioning equipment whose support expires on September 30, 2025.</em></p>
<p>For models scheduled for end of support in August 2026, <strong>all updates must be installed within 48 hours of release.</strong> All entities are required to <em>provide CISA with a full report on progress and actions taken by October 2, 2025.</em></p>
<p>These requirements apply not only to equipment located directly at federal agencies, <em>but also to third-party service and cloud infrastructure, including FedRAMP providers</em>. Agencies remain responsible for compliance across all environments. For those lacking the necessary technical resources, <strong>CISA has offered specialized assistance.</strong></p>
<p>Subsequently, by February 1, 2026, a report on the directive’s implementation will be submitted to the U.S. Department of Homeland Security, the <em>National Director of Cyber Policy, the Office of Management and Budget (OMB)</em>, and <em>the Office of the Federal CISO.</em> Private and foreign companies are also strongly advised to follow the same data collection and <em>compromise search process to identify potential signs of exploitation.</em></p>
<p>Therefore, the entire Cisco ASA ecosystem is at risk, including legacy models that are not receiving updates.</p>
<p>International warnings emphasize <em>that this is a large-scale global attack, capable of disabling critical systems if immediate action is not taken.</em></p>
<div>
<div>
<div>
<div>
<p><b><span>Redazione</span></b><br /><span>The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.</span></p>
<p><a href="https://www.redhotcyber.com/post/author/redazione/" target="_blank">List of articles</a></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div></div>