Cisco has issued a warning about vulnerabilities in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that are being exploited through brute-force password attacks against Cisco hardware firewalls running that software. Two conditions must hold for an attack to succeed: at least one user account must have its password stored in the device's local database, and SSL VPN must be enabled on at least one of the system's interfaces.
Researchers at security firm Rapid7 reported that this brute-force activity has been under way since March and has targeted at least 11 organizations. The attacks concentrate on devices that do not have multi-factor authentication (MFA) enabled: once the password is guessed, nothing further stands between the attacker and VPN access.
No patch is available yet, but Cisco recommends mitigations to reduce the risk: configuring a dynamic access policy (DAP), disabling remote access VPN where that is an option, and enforcing MFA for VPN logins.
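Until a fix ships, the practical defensive step is to spot the attack pattern in the firewall's own authentication logs. The following is an added example, not code from the article, Rapid7 or Cisco: it runs a sliding-window failed-login detector over constructed, ASA-style AAA syslog lines and reports source addresses that cycle through local-database accounts and then authenticate successfully, the exact outcome the article describes for devices without MFA. The syslog message IDs (113015, 113012), the field order and the sample addresses are assumptions of this example; check them against your own device's output before relying on the regex.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Fields this example relies on. The message shape approximates ASA AAA syslog
# output; message IDs and field order are assumptions, not taken from the article.
LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}) \S+ "
    r"%ASA-\d-\d+: AAA user authentication (?P<result>Rejected|Successful)"
    r".*?: user = (?P<user>\S+)(?: : user IP = (?P<ip>[\d.]+))?"
)
TS_FMT = "%b %d %Y %H:%M:%S"


def constructed_sample_log():
    """Constructed log lines for this example (not real device output)."""
    base = datetime(2024, 3, 28, 10, 0, 0)
    lines = []
    # Attacker: 12 failed local-database logins in three minutes, rotating through
    # usernames, then a success on the 13th attempt (the no-MFA outcome).
    attacker = "203.0.113.50"
    targets = ["admin", "vpnuser", "backup", "jdoe"]
    for i in range(12):
        ts = (base + timedelta(seconds=15 * i)).strftime(TS_FMT)
        lines.append(f"{ts} fw01 %ASA-6-113015: AAA user authentication Rejected : "
                     f"reason = Invalid password : local database : "
                     f"user = {targets[i % 4]} : user IP = {attacker}")
    ts = (base + timedelta(seconds=15 * 12)).strftime(TS_FMT)
    lines.append(f"{ts} fw01 %ASA-6-113012: AAA user authentication Successful : "
                 f"local database : user = vpnuser : user IP = {attacker}")
    # Legitimate user: two mistyped passwords, then success, from an office address.
    office = "198.51.100.7"
    for i, result in enumerate(["Rejected", "Rejected", "Successful"]):
        ts = (base + timedelta(minutes=20, seconds=30 * i)).strftime(TS_FMT)
        if result == "Rejected":
            lines.append(f"{ts} fw01 %ASA-6-113015: AAA user authentication Rejected : "
                         f"reason = Invalid password : local database : "
                         f"user = alice : user IP = {office}")
        else:
            lines.append(f"{ts} fw01 %ASA-6-113012: AAA user authentication Successful : "
                         f"local database : user = alice : user IP = {office}")
    return "\n".join(lines)


def parse_events(text):
    """Turn raw syslog text into time-sorted authentication events."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an AAA authentication message
        events.append({
            "ts": datetime.strptime(m["ts"], TS_FMT),
            "ok": m["result"] == "Successful",
            "user": m["user"],
            "ip": m["ip"],  # None if the message carries no client address
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Flag source IPs that accumulate >= threshold failures inside `window`.

    Returns {ip: stats}; stats["success_after"] is True when the same IP later
    logged in successfully, i.e. a guessed password was not stopped by MFA.
    """
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "first": None,
                                 "last": None, "success_after": False,
                                 "success_user": None})
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    flagged = set()
    for e in events:
        ip = e["ip"]
        if ip is None:
            continue  # cannot attribute without a client address
        s = stats[ip]
        if e["ok"]:
            if ip in flagged:
                s["success_after"] = True
                s["success_user"] = e["user"]
            continue
        s["failures"] += 1
        s["users"].add(e["user"])
        s["first"] = s["first"] or e["ts"]
        s["last"] = e["ts"]
        q = recent[ip]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:
            q.popleft()  # slide the window forward
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: stats[ip] for ip in flagged}


if __name__ == "__main__":
    for ip, f in detect_bruteforce(parse_events(constructed_sample_log())).items():
        print(f"{ip}: {f['failures']} failures against {len(f['users'])} users "
              f"between {f['first']:%H:%M:%S} and {f['last']:%H:%M:%S}; "
              f"later success: {f['success_after']} ({f['success_user']})")
```

The two knobs worth tuning are `threshold` and `window`: set them from a baseline of your own users' failure rate, and treat a flagged address that also produces a `success_after` hit as an incident rather than an alert, since on a device without MFA that success is a completed compromise of the VPN account.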
TLDR: Cisco has warned about vulnerabilities in its ASA and FTD software that are being exploited through brute-force password attacks on Cisco hardware firewalls. The attacks, ongoing since March, target devices without MFA enabled. No patch is available yet; Cisco recommends mitigations such as configuring DAP and enforcing MFA.