• US Government tells agencies to patch Cisco firewalls immediately

    From TechnologyDaily@1337:1/100 to All on Fri Sep 26 14:30:09 2025
    US Government tells agencies to patch Cisco firewalls immediately, or face attack

    Date:
    Fri, 26 Sep 2025 13:23:00 +0000

    Description:
    A state-sponsored attacker is leveraging two zero-days to establish persistence.

    FULL STORY
    ======================================================================
    CISA warns of active exploitation of two critical Cisco vulnerabilities
    Attackers modify ROM to persist across reboots; linked to state-sponsored group ArcaneDoor
    Agencies must patch, analyze, and report Cisco device status by October 2, 2025

    The US Cybersecurity and Infrastructure Security Agency (CISA) is urging government agencies to address two worrying Cisco security vulnerabilities, warning threat actors are actively exploiting the flaws.

    As per Emergency Directive 25-03, published on September 25, 2025, CISA said there is a widespread attack campaign targeting Cisco Adaptive Appliances and Firepower firewall devices.

    In the campaign, the attackers are modifying read-only memory (ROM) to persist across reboots and upgrades. To achieve this persistence, threat actors are leveraging two flaws: CVE-2025-20333 (remote code execution) and CVE-2025-20362 (privilege escalation). While the latter has a medium rating (6.3/10), the former is deemed critical, with a 9.9/10 score.

    State activity

    To make matters worse, Cisco believes the two issues are being exploited by a group tracked as ArcaneDoor (or Storm-1849 by Microsoft).

    The cybersecurity community believes ArcaneDoor to be a state-sponsored threat actor, but it is not yet known which state it belongs to.

    "Cisco assesses that this campaign is connected to the ArcaneDoor activity identified in early 2024 and that this threat actor has demonstrated a capability to successfully modify ASA ROM at least as early as 2024," CISA said in the report.

    Now, federal agencies must act quickly and defend their infrastructure, or risk getting attacked.

    That includes running inventory of all Cisco ASA and Firepower devices, running forensic analysis using CISA's core dump and hunt instructions, disconnecting compromised or end-of-life devices, and applying updates. After that, agencies are ordered to report their findings and inventory back to CISA by October 2, 2025.

    In the meantime, both vulnerabilities were added to CISA's Known Exploited Vulnerabilities (KEV) catalog, giving federal agencies a three-week deadline (until October 16) to patch up or stop using the vulnerable tools altogether.

    CISA did not mention who ArcaneDoor is targeting, but generally speaking, besides government and public sector organizations, Cisco's ASA and Firepower devices are widely used by enterprises and corporations, managed security service providers, and education & research firms.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/us-government-tells-agencies-to-patch-cisco-firewalls-immediately-or-face-attack


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)