Customers may find their appliances compromised or a screw loose.

Cisco Systems has been hit with an unusual double-whammy of issues, one of them in software and one in hardware.

First, the more serious issue, a firewall flaw. Security researcher Positive Technologies, which hunts for security vulnerabilities, posted a warning that a vulnerability in Cisco firewall appliances could allow hackers to cause them to fail.

The problem is in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls. Forrester Research says there are more than a million of them deployed worldwide. Positive assessed the severity level of the vulnerability as high and recommended that users install the updates, which are available, as soon as possible.

Positive Technologies’ researcher Nikita Abramov wrote, “If hackers disrupt the operation of Cisco ASA and Cisco FTD, a company will be left without a firewall and remote access (VPN). If the attack is successful, remote employees or partners will not be able to access the internal network of the organization, and access from the outside will be restricted.”

He added that an attacker doesn’t need elevated privileges or special access to exploit the vulnerability, just a simple HTTPS request in which one of the parts is a different size than the device expects. Further parsing of the request will cause a buffer overflow, and the system will abruptly shut down and then restart.

In its own blog post on the subject, Cisco said the vulnerabilities are due to improper input validation of HTTPS requests. An attacker could send a malicious HTTPS request to an affected device, causing it to restart and resulting in a denial of service (DoS) condition.

Cisco said exploitation of this vulnerability can cause a memory leak, so users can set an alert on high memory usage as a sign of an attack.
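The two symptoms described above, a memory leak and an abrupt restart, can be watched for together. The following is an added example, not code from Cisco or Positive Technologies: it assumes a monitoring system already polls each firewall for uptime and memory use, and the thresholds and sample readings are constructed for illustration.

```python
# Added example: thresholds and sample values are constructed assumptions.
HIGH_MEM_PCT = 85.0   # assumed alert threshold for memory in use
LEAK_SLOPE = 1.0      # assumed: sustained growth, in percent per minute
WINDOW = 5            # number of polls used to fit the trend

# (minute, uptime_seconds, memory_used_percent), constructed sample polls
SAMPLES = [
    (0, 86400, 41.0), (1, 86460, 41.2), (2, 86520, 40.9), (3, 86580, 41.1),
    (4, 86640, 41.0), (5, 86700, 44.0), (6, 86760, 47.5), (7, 86820, 51.0),
    (8, 86880, 54.2), (9, 86940, 58.0), (10, 87000, 86.5), (11, 30, 38.0),
    (12, 90, 38.1),
]

def slope(points):
    """Least-squares slope of memory percent against time in minutes."""
    n = len(points)
    mx = sum(t for t, _ in points) / n
    my = sum(m for _, m in points) / n
    den = sum((t - mx) ** 2 for t, _ in points)
    return sum((t - mx) * (m - my) for t, m in points) / den if den else 0.0

def analyze(samples):
    """Return (minute, alert_kind) tuples for one device's poll history."""
    alerts, since_boot, prev_uptime = [], [], None
    for minute, uptime, mem in samples:
        # Uptime going backwards means the device restarted between polls.
        if prev_uptime is not None and uptime < prev_uptime:
            alerts.append((minute, "unexpected_restart"))
            since_boot = []  # never fit a trend across a reboot
        prev_uptime = uptime
        since_boot.append((minute, mem))
        if mem >= HIGH_MEM_PCT:
            alerts.append((minute, "high_memory"))
        # Steady growth is flagged before the hard threshold is reached.
        recent = since_boot[-WINDOW:]
        if len(recent) == WINDOW and slope(recent) >= LEAK_SLOPE:
            alerts.append((minute, "memory_growth"))
    return alerts

if __name__ == "__main__":
    for minute, kind in analyze(SAMPLES):
        print(f"minute {minute:2d}: {kind}")
```

The growth check fires several polls before the fixed threshold does, which is the earlier warning; the restart check catches a crash that happens between polls.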
Cisco is aware of the problem, and the blog post explains how to get updates that address it.

Loose Screws

On the more mundane side of things, Cisco has posted an alert warning owners of its Unified Compute Systems (UCS) that the UCS X9508 chassis that houses the servers may have a screw loose.

The company said the Power Entry Module (power supply) for a small number of UCS 9508 units might not be screwed in tight in the chassis and could be pulled out when the power cord is unplugged from the chassis.

“The captive screws designed to secure the PEM were not correctly tightened and some chassis were shipped with the module improperly secured.” As a result, “The PEM might slide out of the chassis when the power cord is removed.” The PEM has two power cords.

This doesn’t require a patch or download, just a T10 Torx head driver. Cisco advises powering down the server but not removing the plugs or PEM before tightening the screws.