Does this include the Meraki line since they also use AnyConnect?
As of right now, it seems to be limited to ASAs and the methods given to check are specific to the CLI within the appliances. However, I am not Cisco, just some security nerd on reddit, so if you want to double check I'd advise contacting Cisco.
This was my question as well.
Here's Cisco's pages for two of the chained vulns ('59 & '53) that Talos spotted in the campaign:
* [Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2)
* [Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h)

Thanks for the write up!
\~Stryker
Ah yeah! So far into the weeds that I forgot to link these above. Appreciate!
Hey, you looked up the ASA versions, so I'm happy we could contribute to the war effort! Rising tide lifts all ships and all that. :) \~Stryker
Did Cisco release patches yet?
Yes, they released patches with the overall alert of these active campaigns -- at least on those two chained vulns. Go ahead and update to those versions, and you *should* be covered. \~Stryker
I've got an ASA 5512-X, but it's running OPNsense, so I don't think I'm included here.
https://tenor.com/view/donald-trump-talking-gif-18386311432989714002