04-29-2024 01:57 PM
Is there any truth to the rumor that ASA software has been leaked, encryption reverse-engineered etc.? Just wondered if it's true or nonsense. I guess this might get deleted, which would be an answer of a sort I suppose.
04-29-2024 03:18 PM
Nahhh, it doesn't seem the case so we all good for now
04-29-2024 03:55 PM - edited 04-29-2024 03:58 PM
Is that an official Nahhh, or just as far as you know?
I'm way behind on getting my ASAs upgraded, so I was a bit concerned.
Edit: Interesting that they don't allow emojis here, even text ones. Bit of a humorless bunch I guess.
04-30-2024 01:22 AM
The software is commercially available so it is easily obtained and studied by hostile actors as well as "white hat" hackers. When a vulnerability is discovered, it goes through a standard process for analysis, including PSIRT (Product Security Incident Response Team) and CVE (Common Vulnerabilities and Exposures) scoring if applicable. The various public notices, security advisories and release notes comprise the "official" Cisco response to this sort of thing.
05-01-2024 01:12 PM
Thanks for the info. I'm not a programmer, so I'm not sure if having the actual source code out there is more of problem than having a copy of the OS. I guess software can be decompiled anyway, so maybe it's a dumb question on my part, not sure.
04-30-2024 01:56 AM
In the realm of cybersecurity, it's not uncommon for vulnerabilities to be discovered, exploits to be developed, and rumors to circulate. It's always a good idea to stay updated on security advisories from reputable sources such as the vendor's official channels cisco vulnerabilities , security blogs, or CVE databases to ensure you have the latest information to protect your systems.
Also Advanced Persistent Threats (APTs) are a significant concern in the realm of cybersecurity. APTs involve targeted attacks by well-funded and highly skilled adversaries who aim to gain unauthorized access to systems and maintain that access over an extended period, often for espionage or sabotage purposes. These attackers typically employ a variety of sophisticated techniques, including exploiting vulnerabilities, reverse engineering encryption, and leveraging zero-day vulnerabilities.
you might have miss-understood it. There is a vulnerbaitlites exposed https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response
05-01-2024 01:08 PM
No, I didn't misunderstand anything. I had seen comments elsewhere online regarding what I asked about. I know it's common for vulnerabilities to be discovered, that's pretty much a daily thing in IT.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide