Crowdsourcing Your Cisco Firewall Administration... WAT?

Presented at THOTCON 0x5 (2014), April 25, 2014, 11 a.m. (45 minutes)

What if I told you that your users had the ability to administer your firewall? With the advent of some new vulnerabilities we discovered in Cisco ASA, your end users can bypass all authorization controls and execute any command on your firewall with full administrative privileges. This presentation will cover how these vulnerabilities were discovered, just how simple they are to exploit, and what you need to do right now to prevent getting owned.

Presenters:

• Laura Guay
  Laura Guay is a Platform Engineer at Dell SecureWorks and is focused on the management of Cisco and Imperva security appliances. Before joining SecureWorks, she was a member of the Security and Privacy team at Crowe Horwath and performed penetration testing. Laura has a particular interest in breaking and fixing network security devices.
• Jonathan Claudius
  Jonathan Claudius is a Senior Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 12 years of experience in IT with the last 10 years specializing in Security. At Trustwave, Jonathan works in the SpiderLabs Research Division as member of the Vulnerability Assessment Team (VAT) where he develops the core engine for Trustwave's Vulnerability Scanning Services.

Similar Presentations:

• Black Hat USA 2022 / Do Not Trust the ASA, Trojans!
• DEF CON 30 (2022) / Do Not Trust the ASA, Trojans!
• Kiwicon 8: It's always 1989 in Computer Security (2014) / Breaking Bricks and Plumbing Pipes: Cisco ASA a Super Mario Adventure