Cisco ASA
The Cisco ASA 5500 Series Adaptive Security Appliances, or simply Cisco ASA, is Cisco's line of network security devices introduced in May 2005.[1] It succeeded three existing lines of Cisco products: the Cisco PIX firewall and NAT device in 2008,[2] the Cisco IPS 4200 Series, and the Cisco VPN 3000 Series Concentrators.
The Cisco ASA is a unified threat management device which combines several network security functions.[3] It has become one of the most widely used firewall/VPN solutions for small to medium-sized businesses. Early reviews indicated the Cisco GUI tools for managing the device were lacking.[4]
History
A security flaw that arose when users customized the Clientless SSL VPN option on their ASAs was identified; it was rectified in 2015.[5]
In 2017 The Shadow Brokers revealed the existence of two privilege escalation exploits against the ASA, called EPICBANANA[6] and EXTRABACON.[7][8] A code insertion implant called BANANAGLEE was made persistent by JETPLOW.[9]
In 2018, a flaw in a WebVPN feature (CVE-2018-0101) which allowed for remote code execution was patched.[10]
In 2025, security experts observed a spike in traffic scanning for Cisco ASA devices and suggested that a vulnerability might already be known to attackers.[11] A week later it was disclosed that nearly 50,000 devices were affected by two more flaws allowing remote code execution and access to restricted VPN endpoints. Tracked as CVE-2025-20333 and CVE-2025-20362, the vulnerabilities were being actively exploited at the time of their disclosure.[12] Cisco stated that no fix was available for the two vulnerabilities at the time.[13] In response, the United States Cybersecurity and Infrastructure Security Agency (CISA) directed federal agencies to identify any compromised units.[14] The United Kingdom's National Cyber Security Centre also published a warning informing businesses and the wider public about the issue.[15]
Architecture
The ASA software is based on Linux. It runs a single Executable and Linkable Format (ELF) program called lina, which schedules processes internally rather than using the Linux facilities.[16] In the boot sequence a boot loader called ROMMON (ROM monitor) starts and loads a Linux kernel, which then loads lina_monitor, which in turn loads lina. The ROMMON also has a command line that can be used to load or select other software images and configurations. The names of firmware files include a version indicator; -smp means the image is for a symmetric multiprocessor (64-bit) build, and other parts of the name indicate whether 3DES or AES is supported.[16]
The ASA software has an interface similar to the Cisco IOS software on routers. There is a command line interface (CLI) that can be used to query, operate or configure the device. Configuration statements are entered in config mode. The configuration initially exists in memory as the running-config and would normally be saved to flash memory.[16]
Versions 7.0 to 9.0, plus 9.3 and 9.5, have reached end of life. The final software version for the 5505-5550 models was released in 2014.[16]
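As an added example (not from the article and not Cisco's code), the following Python script turns the text of the ASA CLI's show version command into an inventory record: it extracts the software version and image file name, flags the end-of-life trains listed above (7.0 to 9.0, 9.3 and 9.5), and notes the -smp indicator that marks a 64-bit build. The two show version samples are constructed, and the exact line shapes they use are assumed from typical ASA output, so adjust the regular expressions if your devices print them differently.

```python
"""Parse Cisco ASA ``show version`` text into an inventory record.

Added example; not Cisco's code. The EOL train list comes from the
article (7.0 to 9.0, 9.3 and 9.5); the two samples are constructed and
the line shapes they use are assumed from typical ASA output.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "Cisco Adaptive Security Appliance Software Version 9.8(4)"
# Some builds append an interim number, e.g. 9.12(4)38, captured as group 4.
VERSION_RE = re.compile(
    r"Adaptive Security Appliance Software Version (\d+)\.(\d+)\((\d+)\)(\d+)?"
)
# System image file is "disk0:/asa984-smp-k8.bin"
IMAGE_RE = re.compile(r'System image file is "([^"]+)"')

# End-of-life trains as listed in the article: every train from 7.0
# through 9.0, plus 9.3 and 9.5 (tuples compare lexicographically).
EOL_RANGE = ((7, 0), (9, 0))
EOL_EXTRA = {(9, 3), (9, 5)}


@dataclass
class AsaInfo:
    version: Tuple[int, ...]
    image: Optional[str]

    @property
    def train(self) -> Tuple[int, int]:
        return (self.version[0], self.version[1])

    @property
    def version_str(self) -> str:
        major, minor, maint = self.version[:3]
        interim = str(self.version[3]) if len(self.version) > 3 else ""
        return f"{major}.{minor}({maint}){interim}"

    @property
    def smp(self) -> bool:
        # "-smp" in the image name marks the symmetric-multiprocessor,
        # 64-bit build (per the article's description of firmware names).
        return self.image is not None and "-smp" in self.image

    @property
    def end_of_life(self) -> bool:
        lo, hi = EOL_RANGE
        return lo <= self.train <= hi or self.train in EOL_EXTRA


def parse_show_version(text: str) -> AsaInfo:
    """Extract version and image name from ``show version`` output."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError("no ASA software version line found")
    parts = [int(g) for g in m.groups() if g is not None]
    img = IMAGE_RE.search(text)
    return AsaInfo(version=tuple(parts), image=img.group(1) if img else None)


def triage(devices: Dict[str, str]) -> List[Dict[str, object]]:
    """Build one inventory row per device, end-of-life units first."""
    rows: List[Dict[str, object]] = []
    for name, text in devices.items():
        info = parse_show_version(text)
        rows.append({
            "device": name,
            "version": info.version_str,
            "image": info.image,
            "smp": info.smp,
            "end_of_life": info.end_of_life,
        })
    rows.sort(key=lambda r: (not r["end_of_life"], str(r["device"])))
    return rows


# Constructed samples (not real device output).
SAMPLE_OLD = """\
Cisco Adaptive Security Appliance Software Version 8.4(7)
Device Manager Version 7.1(3)

Compiled on Fri 28-Jun-13 08:41 by builders
System image file is "disk0:/asa847-k8.bin"
"""

SAMPLE_NEW = """\
Cisco Adaptive Security Appliance Software Version 9.12(4)38
Device Manager Version 7.12(2)

Compiled on Thu 19-Mar-20 11:18 PDT by builders
System image file is "disk0:/asa9-12-4-38-smp-k8.bin"
"""

if __name__ == "__main__":
    for row in triage({"branch-fw": SAMPLE_OLD, "dc-fw": SAMPLE_NEW}):
        flag = "EOL" if row["end_of_life"] else "ok"
        print(f'{row["device"]:<10} {row["version"]:<12} smp={row["smp"]!s:<5} {flag}')
```

Feed it the saved output of show version from each device (for example, collected over SSH by whatever automation you already use) and the sorted rows put the units that still run an end-of-life train at the top of the list.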
Models
55 Series (2010–2018)
The 5505, introduced in 2010, was a desktop unit designed for small enterprises or branch offices. It included features that reduced the need for other equipment, such as a built-in switch and Power over Ethernet ports.[17] The 5585-X is a higher-powered unit for datacenters, introduced in 2010.[18] It runs in 32-bit mode on an Intel-architecture Atom chip.[16]
| Model | 5505[19] | 5510 | 5520[19] | 5540[19] | 5550[19] | 5580-20[19] | 5580-40[19] | 5585-X SSP10[19] | 5585-X SSP20[19] | 5585-X SSP40[19] | 5585-X SSP60[19] |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Cleartext throughput, Mbit/s | 150 | 300 | 450 | 650 | 1,200 | 5,000 | 10,000 | 3,000 | 7,000 | 12,000 | 20,000 |
| AES/Triple DES throughput, Mbit/s | 100 | 170 | 225 | 325 | 425 | 1,000 | 1,000 | 1,000 | 2,000 | 3,000 | 5,000 |
| Max simultaneous connections | 10,000 (25,000 with Sec Plus License) | 50,000 (130,000 with Sec Plus License) | 280,000 | 400,000 | 650,000 | 1,000,000 | 2,000,000 | 1,000,000 | 2,000,000 | 4,000,000 | 10,000,000 |
| Max site-to-site and remote access VPN sessions | 10 (25 with Sec Plus License) | 250 | 750 | 5,000 | 5,000 | 10,000 | 10,000 | 5,000 | 10,000 | 10,000 | 10,000 |
| Max number of SSL VPN user sessions | 25 | 250 | 750 | 2,500 | 5,000 | 10,000 | 10,000 | 5,000 | 10,000 | 10,000 | 10,000 |
Cisco determined that most of the low-end devices had too little capacity to include the features needed, such as anti-virus or sandboxing, and so introduced a new line of next-generation firewalls called Firepower. These run in 64-bit mode.[16]
Firepower (2018+ models)
The newer 5512-X, 5515-X, 5525-X, 5545-X and 5555-X can take an additional interface card.[20] The 5585-X also supports an optional security services processor.[21] The ASA 5585-X has a slot for an I/O module, which can be subdivided into two half-width modules.[22]
| Model[20] | 5506-X | 5506W-X | 5506H-X | 5508-X | 5512-X | 5515-X | 5516-X | 5525-X | 5545-X | 5555-X | 5585-X |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Throughput, Gbit/s | 0.25 | 0.25 | 0.25 | 0.45 | 0.3 | 0.5 | 0.85 | 1.1 | 1.5 | 1.75 | 4-40 |
| Gigabit Ethernet ports | 8 | 8 | 4 | 8 | 6 | 6 | 8 | 8 | 8 | 8 | 6-8 |
| 10 Gigabit Ethernet ports | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2-4 |
| Form factor | desktop | desktop | desktop | 1 RU | 1 RU | 1 RU | 1 RU | 1 RU | 1 RU | 1 RU | 2 RU |
References
1. Cisco press release, archived 4 December 2012 at the Wayback Machine. Quote: "Las Vegas (Interop) May 3, 2005 – Cisco Systems, Inc., today announced the availability of the Cisco ASA 5500 Series Adaptive Security Appliances".
2. Davis, David (19 February 2008). "Converting from old to new with the PIX to ASA Migration Tool". TechRepublic.
3. Davis, David (30 June 2005). "Get to know Cisco's new security appliance: ASA 5500". TechRepublic. Retrieved 21 March 2018.
4. "Cisco hits on firewall/VPN, misses on ease of use". May 2006. Retrieved 28 December 2012.
5. Saarinen, Juha (20 February 2015). "Unpatched Cisco ASA firewalls targeted by hackers". iTnews. Retrieved 20 March 2018.
6. "NVD - CVE-2016-6367". nvd.nist.gov. Retrieved 13 July 2020.
7. "NVD - CVE-2016-6366". nvd.nist.gov. Retrieved 13 July 2020.
8. "The Shadow Brokers EPICBANANA and EXTRABACON Exploits". Cisco Blogs. 17 August 2016. Retrieved 13 July 2020.
9. "Equation Group Firewall Operations Catalogue". musalbas.com. Archived from the original on 16 August 2016.
10. Saarinen, Juha (30 January 2018). "Cisco ASA VPN feature allows remote code execution". iTnews.
11. Toulas, Bill. "Surge in networks scans targeting Cisco ASA devices raise concerns". BleepingComputer. Retrieved 15 October 2025.
12. Toulas, Bill. "Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws". BleepingComputer. Retrieved 15 October 2025.
13. Gatlan, Sergiu. "Cisco warns of ASA firewall zero-days exploited in attacks". BleepingComputer. Retrieved 15 October 2025.
14. "Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive". The Hacker News. Retrieved 15 October 2025.
15. "NCSC warns of persistent malware campaign targeting Cisco devices". www.ncsc.gov.uk. Archived from the original on 27 September 2025. Retrieved 15 October 2025.
16. "Intro to the Cisco ASA". research.nccgroup.com. 20 September 2017.
17. "Cisco Expands Security". Network Computing. 9 July 2006.
18. "Cisco's High-Performance ASA Appliance, New Version Of Anyconnect". Network Computing. 5 October 2010.
19. "Cisco ASA Model Comparison page". Retrieved 15 May 2008.
20. "Cisco ASA with FirePOWER Services Data Sheet". Cisco. 9 February 2018. Archived from the original on 3 April 2018. Retrieved 20 March 2018.
21. Moraes, Alexandre M. S. P. (2011). Cisco Firewalls. Cisco Press. ISBN 9781587141119.
22. "Cisco ASA 5585-X Stateful Firewall Data Sheet". Cisco. 7 June 2017. Archived from the original on 3 April 2018. Retrieved 20 March 2018.