
"The Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive on Thursday, saying there is "an unacceptable risk" to government systems if Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices are left unpatched. Federal agencies have been given just 24 hours to identify affected kit, check logs for compromise, and apply Cisco's fixes. CISA also warned that any ASA boxes hitting end-of-life on September 30 shouldn't just be patched - they need to be yanked off networks for good."
"Cisco released patches for the flaws on Thursday, and warned that when chained together, they could let attackers remotely take complete control of devices. The networking giant has also admitted that it knew these flaws were being exploited as far back as May, when government incident responders called it in to help investigate intrusions on ASA 5500-X firewalls. Attackers were already dropping implants, running commands, and siphoning data - a detail that makes the months-long delay in raising the wider alarm all the more uncomfortable."
CISA issued an Emergency Directive requiring federal agencies to identify affected Cisco ASA and FTD devices, check logs for compromise, and apply patches within 24 hours. CISA advised that ASA devices reaching end-of-life on September 30 must be removed from networks rather than merely patched. The UK's NCSC urged organizations to patch two tracked vulnerabilities, CVE-2025-20333 and CVE-2025-20362, which are being abused to implant malware, execute commands, and potentially exfiltrate data. Cisco released patches and warned that chaining the flaws could permit complete remote control of devices. Cisco assessed with high confidence that the exploitation is tied to the ArcaneDoor campaign, noting exploitation activity as early as May involving custom implants and persistence mechanisms.
Read at Theregister