roesch4alc
Level 1

Hello Community,

I'm wondering how someone would manage to secure an ASA5505 with the latest patches, for example considering these vulnerabilities:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sd-cpu-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-csrf

There seems to be no software available in the download portal. How/Where do I get the software?

Appreciate any help/tips.

Thanks!

Comments
balaji.bandi
Hall of Fame
ASA 5505 was End of Sale and End of Support Aug 2020. The latest version of ASA code available for the 5505 was 9.2.4 only as of now, if you are affected by that bug (as per the URL it was not affected on the 9.2.4). If you are having an issue with the same behaviour and have a Smartnet contract with Cisco, raise a TAC for advice or an alternative method to fix the issue.
roesch4alc
Level 1
Hello, correctly it's like that: End Of Support: 25.08.2017 Last Date of Support: HW 31.08.2022 So it's still supported, with a service contract. I can't find the place where it is mentioned that it is not affected. Actually I can find this in both caveats: "Cisco ASA Software releases prior to Release 9.4 and Cisco ASA Software Releases 9.5 and 9.7 have reached end of maintenance. Customers should migrate to a supported release that includes the fix for this vulnerability." So it should mean, affected. So I think this software is not downloadable, as it should be. Thanks.
balaji.bandi
Hall of Fame
As I have suggested, if you are impacted with that bug mentioned (we have seen the symptom that the ASA reloads automatically - which is public interfacing only), is this the same case with you? There is no update I have seen for 9.2.x (personally) - that is the reason I have suggested that, if you are encountering the service impact, it is worth contacting TAC for a solution or advice.
Marvin Rhoads
Hall of Fame

The product hardware is still supported but that does not mean that software updates will be available until the last day of hardware support. ASA software was only developed for the ASA 5505 through version 9.2. Reference:

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#id_59421

Please refer to the ASA 9.1 and 9.2 EoS/EoL announcements:

https://www.cisco.com/c/en/us/products/collateral/security/asa-firepower-services/eos-eol-notice-c51-738645.html

https://www.cisco.com/c/en/us/products/collateral/security/asa-firepower-services/eos-eol-notice-c51-738647.html

Specifically, they state:

Milestone: End of SW Maintenance Releases Date: OS SW

Definition: The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software.

Date: August 25, 2018

ASA 9.1(7)32 was released on 12 September 2018 and ASA 9.2(4)33 on 8 May 2018, fulfilling the announcement terms. Any software defect identified after that date will not be patched.

You need to migrate to new hardware to continue to have up-to-date protection against not only software defects, but also to have protection against current threats.

roesch4alc
Level 1
@marvin: I am just referring to the official dates from Cisco. Regarding the software, I know that at the moment only 9.1 and 9.2 are available and maintained for the 5505, but that is not a customer's issue. It is possible to officially have support until 20.11.2021 and so Cisco has and should also solve the issues in software for this hardware as well. Otherwise where is it stated that it is not like that? Of course we are not talking about that 3 simple L3 FW should be considered as not to be sufficient for today's protection requirements. But for simple services like VPN, with no further requirements there are not big differences between the ASA and, right? There are also some reasons why running ASA code on FTDs is still possible....
Marvin Rhoads
Hall of Fame

Well Cisco isn't going to release any new software for the ASA 5505.  The small amount they are making from the few customers who continue to have hardware support doesn't justify the resources to maintain the code base for that older platform.

This may make some customers unhappy, but that's the decision they've made.

roesch4alc
Level 1
Ok, I didn't know about that decision. Do you extract this from the fact that there is actually no new software available, or are there specific statements from Cisco?
Marvin Rhoads
Hall of Fame

@roesch4alc - I don't have this in so many words from Cisco but I know this based on working with Cisco firewalls almost every day for the past 10+ years.

QuietBeetle
Level 1

@MyPrepaidCenter wrote:

Hello Community,

I'm wondering how someone would manage to secure an ASA5505 with the latest patches, for example considering these vulnerabilities:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sd-cpu-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-csrf

There seems to be no software available in the download portal. How/Where do I get the software?

Appreciate any help/tips.

Thanks!


Regarding the software, I know that at the moment only 9.1 and 9.2 are available and maintained for the 5505, but that is not a customer's issue. It is possible to officially have support until 20.11.2021 and so Cisco has and should also solve the issues in software for this hardware as well. Otherwise where is it stated that it is not like that? Of course we are not talking about that 3 simple L3 FW should be considered as not to be sufficient for today's protection requirements.
