
"In May 2024, Cisco patched two vulnerabilities in its Adaptive Security Appliance (ASA) firewall platform that had been exploited as zero-days in a state-sponsored campaign tracked as ArcaneDoor."
"CISA's updated directive is accompanied by instructions on the core dumps and by a deep dive into the Firestarter backdoor, which was identified as the malware used in these attacks."
"According to CISA, at least one federal agency was infected with Firestarter through the exploitation of a Firepower device vulnerable to CVE-2025-20333 and CVE-2025-20362."
Cisco's Adaptive Security Appliance (ASA) firewall platform was targeted in a China-linked espionage campaign that exploited multiple zero-day vulnerabilities. CISA issued Emergency Directive 25-03, urging federal agencies to patch affected devices and check them for compromise. The directive highlighted that patching does not eliminate the Firestarter backdoor malware. Agencies must upload core dumps for verification and perform hard resets by specified deadlines. The vulnerabilities impacted various Cisco firewall series, which underscores the urgency of addressing these security risks to prevent further exploitation.
Read at SecurityWeek