topic Re: ASA Software Leaked? in Network Security

ASA Software Leaked?

jaysoo — Mon, 29 Apr 2024 20:57:17 GMT

Is there any truth to the rumor that ASA software has been leaked, encryption reverse-engineered etc.? Just wondered if it's true or nonsense. I guess this might get deleted, which would be an answer of a sort I suppose.

Re: ASA Software Leaked?

Ruben Cocheno — Mon, 29 Apr 2024 22:18:35 GMT

@jaysoo

Nahhh, it doesn't seem the case so we all good for now 🙂

Re: ASA Software Leaked?

jaysoo — Mon, 29 Apr 2024 22:58:36 GMT

Is that an official Nahhh, or just as far as you know? 🙂 🙂

I'm way behind on getting my ASAs upgraded, so I was a bit concerned.

Edit: Interesting that they don't allow emojis here, even text ones. Bit of a humorless bunch I guess.

Re: ASA Software Leaked?

Marvin Rhoads — Tue, 30 Apr 2024 08:22:39 GMT

The software is commercially available so it is easily obtained and studied by hostile actors as well as "white hat" hackers. When a vulnerability is discovered, it goes through a standard process for analysis, including PSIRT (Product Security Incident Response Team) and CVE (Common Vulnerabilities and Exposures) scoring if applicable. The various public notices, security advisories and release notes comprise the "official" Cisco response to this sort of thing.

🙂

Re: ASA Software Leaked?

Sheraz.Salim — Tue, 30 Apr 2024 08:56:43 GMT

In the realm of cybersecurity, it's not uncommon for vulnerabilities to be discovered, exploits to be developed, and rumors to circulate. It's always a good idea to stay updated on security advisories from reputable sources such as the vendor's official channels cisco vulnerabilities , security blogs, or CVE databases to ensure you have the latest information to protect your systems.

Also Advanced Persistent Threats (APTs) are a significant concern in the realm of cybersecurity. APTs involve targeted attacks by well-funded and highly skilled adversaries who aim to gain unauthorized access to systems and maintain that access over an extended period, often for espionage or sabotage purposes. These attackers typically employ a variety of sophisticated techniques, including exploiting vulnerabilities, reverse engineering encryption, and leveraging zero-day vulnerabilities.

you might have miss-understood it. There is a vulnerbaitlites exposed https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response

Re: ASA Software Leaked?

jaysoo — Wed, 01 May 2024 20:08:25 GMT

No, I didn't misunderstand anything. I had seen comments elsewhere online regarding what I asked about. I know it's common for vulnerabilities to be discovered, that's pretty much a daily thing in IT.

Re: ASA Software Leaked?

jaysoo — Wed, 01 May 2024 20:12:46 GMT

Thanks for the info. I'm not a programmer, so I'm not sure if having the actual source code out there is more of problem than having a copy of the OS. I guess software can be decompiled anyway, so maybe it's a dumb question on my part, not sure.