Do you know that a single security flaw can put large networks at risk? The Cybersecurity and Infrastructure Security Agency (CISA) has just instructed U.S. government organizations to fix vulnerabilities in Cisco firewall products that hackers are already exploiting. This is an urgent directive: CISA expects corrective action to be taken promptly.
What are the affected Cisco appliances?
Cisco ASA and Firepower Threat Defense (FTD) appliances are affected. Two of the vulnerabilities, CVE-2025-20333 and CVE-2025-20362, could allow attackers to:
- Remotely execute code on the device with no authentication
- Persist malicious code in device memory so that it survives reboots and upgrades of the device
Affected parties must remediate the vulnerabilities in ASA and Firepower appliances by September 26, and remove end-of-support devices by September 30.
Mechanism of the attacks
Hackers are targeting specific devices that have unsecured boot settings. They use malware such as LINE VIPER and a bootkit named RayInitiator to:
- Gain control of the devices
- Run commands to steal information
- Remain on the device even after restarting it
In some attacks, they also disable logging or crash the device to obscure what they have been doing.
The ArcaneDoor campaign
These attacks are known as the ArcaneDoor campaign, which has been ongoing since November 2023. The attackers are reported to be associated with a group called UAT4356, and they have exploited flaws in earlier software versions to breach networks around the world.
They also deploy new malware known as Line Dancer (which loads malicious code in memory) and Line Runner (a backdoor) in order to maintain control over infected devices.
What agencies should do now
According to CISA, agencies must:
- Review each Cisco ASA/Firepower device
- Document evidence of a device being hacked
- Isolate hacked devices and remediate as soon as possible
- Remove deprecated or unsupported devices
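The following triage helper is an added illustration, not part of CISA's directive or any Cisco tooling. It applies the two deadlines reported above to a constructed device inventory; the inventory fields (patched, end_of_support, compromise_evidence) and the year 2025 are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Deadlines reported in the directive; the year 2025 is assumed from the CVE identifiers.
PATCH_DEADLINE = date(2025, 9, 26)
EOS_REMOVAL_DEADLINE = date(2025, 9, 30)


@dataclass
class Appliance:
    hostname: str
    product: str                # "ASA" or "FTD"
    end_of_support: bool        # assumed inventory attribute
    patched: bool               # assumed: fixed software already installed
    compromise_evidence: bool   # assumed: outcome of the forensic review


@dataclass
class Action:
    hostname: str
    steps: List[str]
    deadline: Optional[date]    # None when only the review remains
    overdue: bool


def triage(devices: List[Appliance], today: date) -> List[Action]:
    """Map each device to the directive's required steps and the binding deadline."""
    actions = []
    for d in devices:
        steps = ["review device and document findings"]
        if d.compromise_evidence:
            steps.append("isolate from the network and remediate immediately")
        deadline = None
        if d.end_of_support:
            # Unsupported hardware cannot be patched; it must be removed by the later date.
            steps.append("remove unsupported device")
            deadline = EOS_REMOVAL_DEADLINE
        elif not d.patched:
            steps.append("apply fixed software for CVE-2025-20333 / CVE-2025-20362")
            deadline = PATCH_DEADLINE
        overdue = deadline is not None and today > deadline
        actions.append(Action(d.hostname, steps, deadline, overdue))
    return actions


# Constructed sample inventory for demonstration only.
SAMPLE_INVENTORY = [
    Appliance("asa-edge-01", "ASA", end_of_support=False, patched=False, compromise_evidence=False),
    Appliance("ftd-dc-02", "FTD", end_of_support=False, patched=True, compromise_evidence=False),
    Appliance("asa-legacy-03", "ASA", end_of_support=True, patched=False, compromise_evidence=True),
]
```

Run against a date after the patch deadline, the unpatched edge device is flagged overdue while the end-of-support device still has until September 30.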
Important points
This must be taken as a serious warning: as many of you know, even trusted pieces of equipment such as Cisco firewalls can be hacked.
Cybersecurity is never optional. Networks require immediate patching, consistent monitoring and defense-in-depth.
If you are a network owner, take note: hackers move quickly, and a single device missed by a security update could lead to disaster for you.