Security patches: Cisco closes attack points in firewalls
Attackers can target Cisco firewalls and take them out of service via DoS attacks, among other things.
The network equipment supplier Cisco is closing various vulnerabilities in its firewalls and associated software with security updates. In the worst case, attackers who successfully exploit the vulnerabilities can completely compromise devices. Although there are currently no reports of ongoing attacks, admins should not delay patching for too long.
Breaking into networks possible
The most dangerous flaw is a “critical” vulnerability (CVE-2025-20265) with the highest possible rating (CVSS score 10 out of 10). It affects the Secure Firewall Management Center. According to the advisory, the vulnerability lies in the way the RADIUS authentication standard is implemented. However, according to Cisco, systems are only vulnerable if RADIUS authentication is active for the web management interface and/or SSH management.
Because user input is not sufficiently checked during authentication, attackers can use certain requests to exploit the vulnerability and, following a successful attack, execute commands with high privileges. Given the critical classification and the central role of a management solution, it can be assumed that attackers can compromise networks in this way.
Customers with a support contract should receive the security update automatically. Those without such a contract must provide some of the information given in the advisory to receive the patch.
DoS attacks
Many other vulnerabilities are classified with a “high” threat level. In most cases, attackers can cause DoS conditions that lead to crashes (e.g., CVE-2025-20222). Admins can find further information on the vulnerabilities and security updates in the alerts linked below this message.
List sorted by threat level in descending order:
- Secure Firewall Management Center Software RADIUS
- Secure Firewall Threat Defense Software Snort 3
- Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 2100 Series IPv6 over IPsec
- Secure Firewall Management Center Software
- Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access VPN Web Server
- Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN
- Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SSL/TLS Certificate
- Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection
- Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server
- IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2
- Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Web Services
- Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 3100 and 4200 Series TLS 1.3 Cipher
- Secure Firewall Threat Defense Software Geolocation Remote Access VPN
- Secure Firewall Management Center Software
- Secure Firewall Management Center Software XPATH
- Secure Firewall Management Center and Secure Firewall Threat Defense Software
- Secure Firewall Management Center Software
- Secure Firewall Management Center Software
- Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software DHCP
- Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software
- Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software
In July, Cisco had to update its security advisories on critical vulnerabilities in the Cisco Identity Services Engine. Although updates for the critical vulnerabilities were available, the flaws were attacked on the Internet shortly after they became known.
(des)