Cisco tells firewall users to update now or potentially miss vital security updates

Both Cisco physical firewalls, and FirePOWER cloud instances, are required to patch up immediately

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cisco Firepowerfirewallusers have been warned to update their devices, within the next few days or miss out on important cybersecurity updates.

The company issued a Field Notice, in which it states that the SSL certificate authority, used to sign certificates for Talos security intelligence updates, will be invalidated on March 5, 2022.

These certificates deliver Ciscoendpointsa list ofmalwaredistributors, spammers, botnets, and phishing attackers, eliminating the need for administrators to secure their devices manually.

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a£100 Amazon gift card(or equivalent in USD). Thank you for taking part.

Click here to start the survey in a new window«

Short notice

But after the certificate authority change, some Firepower devices will no longer be eligible for these updates. The Cisco Vulnerability Database, and the Geolocation Database, will keep getting updates, it was said.

The full list of affected devices can be foundhere, and it includes FirePOWER Services Software for ASA, Firepower Threat Defense (FTD) Software, Firepower Management Center Software, and Firepower 6.1.x - 7.1.x.

Both physical firewalls, and FirePOWER cloud instances, are required to patch up.

Reporting on the news, the Register calls the March 5 deadline an “unpleasantly short notice,” but probably achievable in time, given that the updates are already available for download. However, Firepower 7.1.x users should be on high alert, as their devices are yet to receive the update.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

It was planned for release “by March 1, 2022,” Cisco said.

Cisco vulnerability could cause your firewalls to fail>Cisco firewall vulnerability could give attackers keys to the kingdom>Cisco fixes critical authentication bypass bug in its enterprise software

The deadline is right around the corner, and admins could argue that cybercriminals aren’t exactly waiting for the floodgates to open, to start compromising unpatched firewalls. However, Cisco’s devices are often on the crooks’ radar.

In November last year, a security researcher has discovered a vulnerability in Cisco’s firewall products that could be exploited to achieve denial of service (DoS).

The vulnerability, tracked as CVE-2021-34704 has had a CVSSv3.0 score of 8.6, and was found in the networking giant’s Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls.

Via:The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet