Cisco Firepower firewall users have been warned to update their devices, within the next few days or miss out on important cybersecurity updates.
The company issued a Field Notice, in which it states that the SSL certificate authority, used to sign certificates for Talos security intelligence updates, will be invalidated on March 5, 2022.
These certificates deliver Cisco endpoints a list of malware distributors, spammers, botnets, and phishing attackers, eliminating the need for administrators to secure their devices manually.
Short notice
But after the certificate authority change, some Firepower devices will no longer be eligible for these updates. The Cisco Vulnerability Database, and the Geolocation Database, will keep getting updates, it was said.
The full list of affected devices can be found here, and it includes FirePOWER Services Software for ASA, Firepower Threat Defense (FTD) Software, Firepower Management Center Software, and Firepower 6.1.x – 7.1.x.
Both physical firewalls, and FirePOWER cloud instances, are required to patch up.
Reporting on the news, the Register calls the March 5 deadline an “unpleasantly short notice,” but probably achievable in time, given that the updates are already available for download. However, Firepower 7.1.x users should be on high alert, as their devices are yet to receive the update.
It was planned for release “by March 1, 2022,” Cisco said.
The deadline is right around the corner, and admins could argue that cybercriminals aren’t exactly waiting for the floodgates to open, to start compromising unpatched firewalls. However, Cisco’s devices are often on the crooks’ radar.
In November last year, a security researcher has discovered a vulnerability in Cisco’s firewall products that could be exploited to achieve denial of service (DoS).
The vulnerability, tracked as CVE-2021-34704 has had a CVSSv3.0 score of 8.6, and was found in the networking giant’s Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls.
Via: The Register
