Categories: US-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-Repository

CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices


Today, CISA issued Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices to address vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower devices. CISA has added vulnerabilities CVE-2025-20333 and CVE-2025-20362 to the Known Exploited Vulnerabilities Catalog. 

The Emergency Directive requires federal agencies to identify, analyze, and mitigate potential compromises immediately. Agencies must:

  • Identify all instances of Cisco ASA and Cisco Firepower devices in operation (all versions).
  • Collect and transmit memory files to CISA for forensic analysis by 11:59 p.m. EST Sept. 26.

For detailed guidance, including additional actions tailored to each agency’s status, refer to the full Emergency Directive ED 25-03.

The following associated resources are available to assist agencies. 

  • Supplemental Direction ED 25-03: Core Dump and Hunt Instructions
  • Eviction Strategies Tool with a Cisco ASA Compromise template to assemble a comprehensive eviction plan with distinct countermeasures for containment and eviction which can be tailored to individual network owners’ specific needs.
  • Known Exploited Vulnerabilities Catalog
  • Cisco Security Advisories:
    • Cisco Event Response: Continued Attacks Against Cisco Firewalls
    • CVE-2025-20333: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability
    • CVE-2025-20362: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability
  • United Kingdom National Cyber Security Centre (NCSC):
    • NCSC warns of persistent malware campaign targeting Cisco devices
    • Malware Analysis Report: RayInitiator & LINE VIPER

Although ED 25-03 and the associated supplemental guidance are directed to federal agencies, CISA urges all public and private sector organizations to review the Emergency Directive and associated resources and take steps to mitigate these vulnerabilities.



Source link

admin

Leave a Comment
Share
Published by
admin
21 mins ago

Recent Posts

Widespread Supply Chain Compromise Impacting npm Ecosystem

CISA is releasing this Alert to provide guidance in response to a widespread software supply…

1 day ago

CISA Releases Advisory on Lessons Learned from an Incident Response Engagement

Today, CISA released a cybersecurity advisory detailing lessons learned from an incident response engagement following…

2 days ago

SonicWall Releases Advisory for Customers after Security Incident

SonicWall released a security advisory to assist their customers with protecting systems impacted by the…

3 days ago

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems (ICS) advisories on September 18, 2025. These advisories provide…

6 days ago

CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems

Today, CISA released a Malware Analysis Report detailing the functionality of two sets of malware…

1 week ago

CISA Releases Eight Industrial Control Systems Advisories

CISA released eight Industrial Control Systems (ICS) advisories on September 16, 2025. These advisories provide…

1 week ago

This website uses cookies.