Cisco ASA routers and FTD firewalls are currently seeing exploitation attempts from threat actors and bug bounty hunters alike after proof-of-concept code was posted online last week.
Furthermore, older Cisco systems also saw renewed attacks in May this year after a hacktivist abused a 2018 bug to overwrite device configurations with a pro-gun manifesto, eventually crashing the devices.
The Cisco ASA/FTD attacks
The most recent attacks are, however, those carried out against ASA and FTD devices. These attacks began last week after security firm Positive Technologies posted simple proof-of-concept (PoC) exploit code on Twitter for CVE-2020-3580, a vulnerability the company discovered and helped patch in October last year.
Destructive hacktivist campaign
In addition to these campaigns last week, some older Cisco devices also saw a series of destructive attacks in May.
Spotted by Lumen’s Black Lotus Labs, the campaign targeted devices that had the Smart Install protocol enabled and accessible over the internet.
Using the old CVE-2018-0171 vulnerability, a mysterious hacktivist gained access to Cisco systems and rewrote their config file with text from a pro-gun manifesto, effectively crashing the devices’ routing engines.