
Cisco has warned of a new attack variant that targets devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD). The affected systems are vulnerable to two serious security issues: CVE-2025-20333 and CVE-2025-20362.
In an advisory updated on Wednesday (November 5), Cisco explained that the attacks may cause unpatched devices to restart unexpectedly, leading to a denial-of-service (DoS) condition. The company urges all customers to install the available security updates as soon as possible.
These two vulnerabilities were first disclosed in late September 2025, after being exploited as zero-days in a series of attacks distributing malware such as RayInitiator and LINE VIPER, according to the UK’s National Cyber Security Centre (NCSC).
Details of the Vulnerabilities
Cisco reports that successful exploitation of CVE-2025-20333 allows attackers to execute malicious code as root through specially crafted HTTP requests. Meanwhile, CVE-2025-20362 enables attackers to access restricted URLs without authentication.
Two Additional Critical Flaws in Unified Contact Center Express
In the same security update, Cisco also patched two critical vulnerabilities in Unified Contact Center Express (Unified CCX). These flaws could allow remote, unauthenticated attackers to upload arbitrary files, bypass authentication, execute arbitrary commands, and escalate privileges to root.
The vulnerabilities, discovered by security researcher Jahmel Harris, are identified as:
- CVE-2025-20354 (CVSS 9.8) – A flaw in the Java Remote Method Invocation (RMI) process of Unified CCX that allows attackers to upload files and execute commands with root privileges.
- CVE-2025-20358 (CVSS 9.4) – A vulnerability in the CCX Editor application that lets attackers bypass authentication and obtain administrative rights to create and execute scripts.
Cisco has released patches for these issues in the following versions:
- Unified CCX 12.5 SU3 and earlier – fixed in 12.5 SU3 ES07
- Unified CCX 15.0 – fixed in 15.0 ES01
No Evidence of Active Exploitation Yet
At this time, Cisco states that there is no evidence of active exploitation of the three newly patched vulnerabilities. However, the company emphasizes the importance of applying the security updates promptly to ensure maximum protection.
Source:
https://thehackernews.com/2025/11/cisco-warns-of-new-firewall-attack.html
