UK, US urge Cisco users to ditch end-of-life security appliances

An ongoing cyber campaign, orchestrated through vulnerabilities found in the Cisco Adaptive Security Appliance (ASA) family of unified threat management (UTM) devices, has prompted warnings from the UK and the US urging users to disconnect and abandon outdated, out-of-support equipment.

Cisco ASA is a multipurpose line of security appliances which, on its introduction in the 2000s, took over various functions that Cisco had previously offered in standalone form, including firewalls, intrusion prevention and virtual private networking. It remains widely used to this day, especially among small and medium-sized enterprises (SMEs).

The warning relates to two distinct flaws in the technology: CVE-2025-20333, which enables remote code execution (RCE), and CVE-2025-20362, which enables elevation of privilege (EoP). A third, arbitrary code execution vulnerability, CVE-2025-20363, was also identified, but is not in the scope of this specific warning.

Cisco said the problems affect Cisco ASA 5500-X series models running Cisco ASA software release 9.12 or 9.14 with VPN web services enabled. The specific models are the 5512-X, 5515-X, 5525-X, 5545-X, 5555-X and 5585-X, some of which reached end-of-life status in 2017. Two of them, the 5512-X and 5515-X, have been out of support since 2022.

The National Cyber Security Centre (NCSC) strongly recommends that, where practicable, ASA models that fall out of support over the next 12 months should be replaced, noting the significant risks that obsolete, end-of-life equipment can pose.

“It is very important for organizations to take into account the recommended actions allocated … especially when detecting and recovering,” said Ollie Whitehouse, chief technology officer of the NCSC.

“We strongly recommend that network defenders follow the best practices of suppliers and engage with the NCSC's malware analysis report to help in their investigations.

“Technology at the end of life presents a significant risk to organizations. Systems and devices should be quickly migrated to modern versions to eliminate vulnerabilities and increase stability,” he said.

In an emergency directive released ahead of the weekend of September 27-28, the US Cybersecurity and Infrastructure Security Agency (CISA) instructed all users in the American government to account for and update Cisco ASA devices, as well as Cisco Firepower devices, which are also affected.

CISA echoed the NCSC's warning, saying that ASA hardware models whose end of support falls on Tuesday, September 30, 2025 must be permanently disconnected.

“These outdated platforms [and/or] issues cannot meet the current requirements of support and updates of suppliers,” CISA said.

What is the problem?

According to Cisco, the latest vulnerabilities are being exploited by the threat actor behind the ArcaneDoor campaign, which first came to light in April 2024 and is considered the work of a state-backed actor.

The campaign is believed to date back a few months before that, with Cisco's Talos threat intel unit having identified attacker-controlled infrastructure that was active in November 2023, as well as possible testing and development of earlier exploits in July of the same year.

Cisco said it had worked with several affected customers, including government agencies, for some time to investigate the latest series of attacks. It described the attacks as complex and sophisticated, requiring an extensive response, and added that the threat actor is still actively scanning for targets of interest.

The campaign has been associated with two distinct pieces of malware called Line Dancer and Line Runner, which were the subject of a warning in 2024.

Line Dancer, a shellcode loader, and Line Runner, a Lua webshell, work in tandem to let the threat actors achieve their goals on ASA devices.
