US issues emergency directive requiring federal agencies to identify and mitigate Cisco zero-day flaws

The U.S. government’s cyber defense agency issued an emergency directive on Thursday in response to an advanced threat actor targeting Cisco (NASDAQ:CSCO) Adaptive Security Appliances via web services.

The Emergency Directive mandates that all Federal Civilian Executive Branch Departments and Agencies account for all in-scope devices, collect forensic data, and assess any compromises using CISA-provided procedures and tools.

Cisco, in a statement, said it has released software updates that address this vulnerability and strongly recommends that customers upgrade to a fixed software release. “There are no workarounds that address this vulnerability,” the company said.

“This widespread campaign poses a significant risk to victims’ networks by exploiting zero-day vulnerabilities that persist through reboots and system upgrades,” the Cybersecurity and Infrastructure Security Agency said in the notice.

“As the lead for federal cybersecurity, CISA is directing federal agencies to take immediate action due to the alarming ease with which a threat actor can exploit these vulnerabilities, maintain persistence on the device, and gain access to a victim’s network,” said CISA Acting Director Madhu Gottumukkala.

The same risks apply to any organization using these devices, the directive said.
