Security Alert! Is your practice using a Cisco ASA Firewall?

Last week Cisco announced an advisory for a very serious vulnerability that exists with their ASA Security Appliances that could allow a hacker to reboot and modify the firewall configuration.

If your practice is using one of the devices affected by this vulnerability, your IT Department should already be working to apply the ASA software update/patch.

The list of devices affected are:

• Cisco ASA 5500 Series Adaptive Security Appliances
• Cisco ASA 5500-X Series Next-Generation Firewalls
• Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
• Cisco ASA 1000V Cloud Firewall
• Cisco Adaptive Security Virtual Appliance (ASAv)
• Cisco Firepower 9300 ASA Security Module
• Cisco ISA 3000 Industrial Security Appliance

This is such a critical security issue that Cisco is even making the security patch available to customers who DO NOT have a SmartNet Service Contract.

Below is an excerpt from Cisco:

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC):
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

For a detailed description of this critical vulnerability, please reference the following Cisco URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

Please note that older Cisco ASA devices will also need to upgrade their software to the latest version. If your Cisco ASA Firewall is running 8.3 version or older, a complete reconfiguration of the firewall may be required.

If you need help upgrading your Cisco ASA software, please do not hesitate to contact Texas Systems Group.  We are available to work with you to ensure your practice’s security.