The Cybersecurity and Infrastructure Security Agency has published an emergency directive to warn against attackers targeting vulnerabilities affecting Cisco Adaptive Security Appliances, or ASA, web services.
In the memo issued Thursday, CISA said all federal civilian executive branch departments and agencies must take actions to prevent or respond to compromises.
For more updates from CISA and the entirety of the Homeland Security Department, make sure to send the best and brightest from your GovCon company to Potomac Officers Club’s 2025 Homeland Security Summit on Nov. 12. Register for this essential networking and technology conference now!
“As the lead for federal cybersecurity, CISA is directing federal agencies to take immediate action due to the alarming ease with which a threat actor can exploit these vulnerabilities, maintain persistence on the device, and gain access to a victim’s network,” according to Madhu Gottumukkala, the agency’s acting director. “The same risks apply to any organizations using these devices. We strongly urge all entities to adopt the actions outlined in this Emergency Directive.”
Table of Contents
Details of the Cisco ASA Vulnerability
CISA confirmed a widespread campaign targeting Cisco ASA and Firepower devices through zero-day vulnerabilities that allow remote code execution and privilege escalation.
According to Cisco, the campaign is connected to the ArcaneDoor cyberattacks the company first detected and reported in early 2024. ArcaneDoor, the company warned, has demonstrated the capability to modify read-only memory, or ROM, to maintain system access despite multiple reboots and software upgrades.
What Agencies Must Do
CISA is directing government agencies and other organizations impacted to account for all in-scope devices, gather forensic data and assess for possible compromises. Agencies are also advised to disconnect end-of-support devices and upgrade software to their latest versions.
Cisco has already released patches to address the vulnerabilities.
