US-CERT has just posted “Cisco Releases Security Advisory,” with a link to Cisco’s notice: “Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability.”
An expert with Corero Network Security offers perspective.
Sean Newman, Director Product Management at Corero Network Security:
“The recent exposure of an inherent DoS flaw in Cisco’s ASA/FirePower software is a great example of why it’s now so important to deploy dedicated DDoS protection. The latest generation of DDoS protection solutions are typically deployed right at the very edge of any network, where it connects to the Internet, protecting any stateful infrastructure devices, such as routers and firewalls, from the damaging effects of modern DDoS attacks. Whether it’s known state exhaustion attacks, or zero-day attacks exploiting newly discovered device vulnerabilities, modern DDoS protection can automatically shield those devices from the attacks which could cripple them, even without those vulnerabilities having been patched.”