Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
396
Views
4
Helpful
6
Replies

ASA Software Leaked?

jaysoo
Level 1
Level 1

‎04-29-2024 01:57 PM

Is there any truth to the rumor that ASA software has been leaked, encryption reverse-engineered etc.? Just wondered if it's true or nonsense. I guess this might get deleted, which would be an answer of a sort I suppose.

6 Replies 6

Ruben Cocheno
Spotlight
Spotlight

‎04-29-2024 03:18 PM

@jaysoo 

Nahhh, it doesn't seem the case so we all good for now

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/
0 Helpful

jaysoo
Level 1
Level 1
In response to Ruben Cocheno

‎04-29-2024 03:55 PM - edited ‎04-29-2024 03:58 PM

Is that an official Nahhh, or just as far as you know?

I'm way behind on getting my ASAs upgraded, so I was a bit concerned.

Edit: Interesting that they don't allow emojis here, even text ones. Bit of a humorless bunch I guess.

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to jaysoo

‎04-30-2024 01:22 AM

The software is commercially available so it is easily obtained and studied by hostile actors as well as "white hat" hackers. When a vulnerability is discovered, it goes through a standard process for analysis, including PSIRT (Product Security Incident Response Team) and CVE (Common Vulnerabilities and Exposures) scoring if applicable. The various public notices, security advisories and release notes comprise the "official" Cisco response to this sort of thing.

jaysoo
Level 1
Level 1
In response to Marvin Rhoads

‎05-01-2024 01:12 PM

Thanks for the info. I'm not a programmer, so I'm not sure if having the actual source code out there is more of problem than having a copy of the OS. I guess software can be decompiled anyway, so maybe it's a dumb question on my part, not sure.

0 Helpful

Sheraz.Salim
VIP
VIP

‎04-30-2024 01:56 AM

In the realm of cybersecurity, it's not uncommon for vulnerabilities to be discovered, exploits to be developed, and rumors to circulate. It's always a good idea to stay updated on security advisories from reputable sources such as the vendor's official channels cisco vulnerabilities  , security blogs, or CVE databases to ensure you have the latest information to protect your systems.

Also Advanced Persistent Threats (APTs) are a significant concern in the realm of cybersecurity. APTs involve targeted attacks by well-funded and highly skilled adversaries who aim to gain unauthorized access to systems and maintain that access over an extended period, often for espionage or sabotage purposes. These attackers typically employ a variety of sophisticated techniques, including exploiting vulnerabilities, reverse engineering encryption, and leveraging zero-day vulnerabilities.

you might have miss-understood it. There is a vulnerbaitlites exposed https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response

please do not forget to rate.

jaysoo
Level 1
Level 1
In response to Sheraz.Salim

‎05-01-2024 01:08 PM

No, I didn't misunderstand anything. I had seen comments elsewhere online regarding what I asked about. I know it's common for vulnerabilities to be discovered, that's pretty much a daily thing in IT.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card