Close Menu

    Subscribe to Updates

    Get the latest tech news from Tallwire.

      What's Hot

      Doll Head Loophole Exposes Limits of Tesla’s Driver-Monitoring Technology

      July 18, 2026

      Palisades Nuclear Restart Faces Legal Victory but Operational Delays

      July 18, 2026

      Robots Transform Hyundai’s Georgia Plant While Human Workers Remain Essential

      July 17, 2026
      Facebook X (Twitter) Instagram
      • Tech
      • AI
      • Get In Touch
      Facebook X (Twitter) LinkedIn
      TallwireTallwire
      • Tech

        Palisades Nuclear Restart Faces Legal Victory but Operational Delays

        July 18, 2026

        Doll Head Loophole Exposes Limits of Tesla’s Driver-Monitoring Technology

        July 18, 2026

        Safely Recycling an Old PC Starts With Protecting Your Data

        July 17, 2026

        Trump Takes Measured Approach to Winning the Quantum Race

        July 17, 2026

        U.N. Chief Renews Push for Global Ban on Autonomous AI Weapons

        July 17, 2026
      • AI

        Doll Head Loophole Exposes Limits of Tesla’s Driver-Monitoring Technology

        July 18, 2026

        Robots Transform Hyundai’s Georgia Plant While Human Workers Remain Essential

        July 17, 2026

        Architects Look to Beautify Data Centers as AI Expansion Sparks Local Resistance

        July 17, 2026

        U.N. Chief Renews Push for Global Ban on Autonomous AI Weapons

        July 17, 2026

        China Uses Open-Source AI Push to Expand Global Influence

        July 17, 2026
      • Security

        Safely Recycling an Old PC Starts With Protecting Your Data

        July 17, 2026

        U.N. Chief Renews Push for Global Ban on Autonomous AI Weapons

        July 17, 2026

        China Uses Open-Source AI Push to Expand Global Influence

        July 17, 2026

        New AI Safety Proposal Calls for U.S.-China Pause on Frontier AI Development

        July 16, 2026

        Social Media Ban Proposal Sparks Fears of Collateral Damage for Educational Technology Firms

        July 16, 2026
      • Health

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        AI Chatbots Increasingly Clash With Eating Disorder Treatment

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026
      • Science

        Palisades Nuclear Restart Faces Legal Victory but Operational Delays

        July 18, 2026

        Trump Takes Measured Approach to Winning the Quantum Race

        July 17, 2026

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Scientists Advance “StormWall” Concept to Defend Earth from Catastrophic Solar Storms

        July 15, 2026
      • Tech

        AI Protesters March on Silicon Valley Giants Demanding Development Freeze

        July 14, 2026

        Palo Alto Networks CEO Warns AI Costs Must Plunge Before Enterprise Adoption Can Accelerate

        July 14, 2026

        DeepMind Unionization Effort Encounters Early Resistance as Labor Talks Stall

        July 11, 2026

        Always-On Workplace Culture Pushes Employees Toward the Breaking Point

        July 10, 2026

        High-Income Families Embrace AI-Driven Schools as Alternative Education Expands

        July 9, 2026
      TallwireTallwire
      Home»Tech»Federal Agencies Urged to Patch Cisco Firewalls Amid Active Exploitation
      Tech

      Federal Agencies Urged to Patch Cisco Firewalls Amid Active Exploitation

      5 Mins Read
      Facebook Twitter Pinterest LinkedIn Tumblr Email
      Federal Agencies Urged to Patch Cisco Firewalls Amid Active Exploitation
      Federal Agencies Urged to Patch Cisco Firewalls Amid Active Exploitation
      Share
      Facebook Twitter LinkedIn Pinterest Email

      A sharp warning has been issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to federal agencies: two critical vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower devices—CVE-2025-20333 (remote code execution) and CVE-2025-20362 (privilege escalation)—are being actively exploited by threat actors, yet many agencies that reported systems as “patched” are still running insecure versions. According to reports, the agency found devices that had been updated but not to a version that corrects the vulnerability, and continues to track thousands of internet-connected devices still at risk. CISA’s Emergency Directive 25-03 mandated the fixes and additional forensic procedures, stressing that federal agencies must update all ASA and Firepower devices—not just those exposed to the internet—and verify compliance immediately.

      Sources: Bleeping Computer, HelpNet Security

      Key Takeaways

      – Federal agencies remain vulnerable despite patch-reports: CISA found devices labeled “patched” that still run software versions open to exploitation.

      – Two major vulnerabilities in Cisco ASA/Firepower gear—one allowing remote code execution, the other privilege escalation—are being exploited in real‐world campaigns.

      – CISA’s directive demands full coverage—including internal devices, not only public-facing firewalls—and mandates forensic action, version verification, and potential device decommissioning where patches cannot be applied.

      In-Depth

      The federal government has been put on high alert by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) after discovering that multiple civilian agencies remain exposed to two serious flaws in Cisco firewall hardware and software, even after receiving clear instructions to patch them. The vulnerabilities—tracked as CVE-2025-20333 (remote code execution) and CVE-2025-20362 (privilege escalation)—are especially dangerous when chained, because an attacker gaining access via CVE-20362 can then exploit CVE-20333 to achieve full control of the device. Security firm research links the campaign exploiting them to the long-running “ArcaneDoor” group.

      CISA’s Emergency Directive 25-03, originally issued in late September, required agencies using Cisco ASA or Firepower devices to immediately update to fixed versions, conduct forensic activity, disconnect compromised gear, and report status. However, the update this week from CISA makes one thing very clear: the job is not done. Some agencies delivered status updates claiming “patched” devices, yet investigations reveal those devices may still run vulnerable software versions or may not have been subjected to full forensic verification. In effect, the sticker “patched” is not equal to “secure.”

      Further compounding the risk: the vulnerabilities are not limited to the devices facing the public internet. Internal devices, VPN-backhaul endpoints, and other firewall equipment isolated from external traffic are still in scope. CISA emphasizes that all devices—public or internal—need attention. The practical challenge is significant: many federal systems run older hardware, or software versions that must be updated via special-release channels, and some still run firewalls at or beyond vendor support end-dates. One recent industry bulletin noted that more than 30,000 Cisco ASA/Firepower devices remain vulnerable online.

      From a conservative security posture, the implications are stark. Agencies entrusted with some of the nation’s most sensitive data remain exposed to infiltration via perimeter devices—precisely the equipment meant to be a first line of defense. A breach of a firewall doesn’t just mean stolen data; it could mean attacker persistence, lateral movement, and undetected exfiltration for months. The fact that agencies may have ticked the “patch applied” box without verifying versions or conducting forensic checks undermines the credibility of patch-compliance reporting.

      To illustrate: suppose a federal agency applied a software update, but it installed version 9.12.4.70 instead of the required 9.12.4.72 (the fixed release). Even though the patch was applied, the device remains vulnerable. Because of real-world exploits, CISA recommends agencies also execute “core dump and hunt” instructions to look for signs of compromise—such as modified ROMMON (bootloader) code or disabled logging—especially vital because attackers may persist through reboots and upgrades.

      What should agencies (and indeed any organization using similar gear) do now? First, compile an inventory of all ASA and Firepower devices, including those not facing the public internet. Second, confirm the exact software version and patch level against Cisco’s advisories and CISA’s version-tables. Third, run the forensic procedures provided by CISA to detect signs of compromise; if detected, isolate or decommission as needed. Fourth, consider device replacement if hardware is end-of-life or cannot be upgraded to a safe version. Fifth, document everything both for internal compliance and for oversight purposes—especially given the federal government’s accountability protocols.

      On the broader front, this situation underscores a recurring theme in government cybersecurity: issuing directives is only the first step; enforcing compliance and verifying outcomes is where the real work lies. From a policy and governance perspective, this incident reinforces the need for tighter vendor-support lifecycle management, continuity planning for critical security appliances, and stronger mechanisms to ensure patching isn’t just reported, but validated. For national security, the stakes are high: the adversaries targeting these flaws are real, sophisticated, and persistent.

      In short, this is not a classic “apply patch and forget” moment—it’s a reminder that in cybersecurity, the “final mile” of verifying full remediation is where too many organizations falter. Federal agencies must now move from “patch applied” to “patch validated and device cleared.” The private sector should take note: if the federal government can struggle with this, chances are many smaller organizations are in even greater peril. Vigilance, verification, and remediated device hygiene are non-negotiable.

      Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
      Previous ArticleFed Chair Powell Asserts AI Spending Isn’t a Bubble — Despite Rising Warnings
      Next Article Federal Court Finds Meta Not an Illegal Monopoly

      Related Posts

      Palisades Nuclear Restart Faces Legal Victory but Operational Delays

      July 18, 2026

      Doll Head Loophole Exposes Limits of Tesla’s Driver-Monitoring Technology

      July 18, 2026

      Safely Recycling an Old PC Starts With Protecting Your Data

      July 17, 2026

      Trump Takes Measured Approach to Winning the Quantum Race

      July 17, 2026
      Add A Comment
      Leave A Reply Cancel Reply

      Editors Picks

      Palisades Nuclear Restart Faces Legal Victory but Operational Delays

      July 18, 2026

      Doll Head Loophole Exposes Limits of Tesla’s Driver-Monitoring Technology

      July 18, 2026

      Safely Recycling an Old PC Starts With Protecting Your Data

      July 17, 2026

      Trump Takes Measured Approach to Winning the Quantum Race

      July 17, 2026
      Popular Topics
      Space Tim Cook Satya Nadella Tesla Cybertruck Series A spotlight Series B Viral SpaceX Sundar Pichai Stocks starlink trending UAE Tech Startup Satellite Samsung Tesla Taiwan Tech Software
      Major Tech Companies
      • Apple News
      • Google News
      • Meta News
      • Microsoft News
      • Amazon News
      • Samsung News
      • Nvidia News
      • OpenAI News
      • Tesla News
      • AMD News
      • Anthropic News
      • Elbit News
      AI & Emerging Tech
      • AI Regulation News
      • AI Safety News
      • AI Adoption
      • Quantum Computing News
      • Robotics News
      Key People
      • Sam Altman News
      • Jensen Huang News
      • Elon Musk News
      • Mark Zuckerberg News
      • Sundar Pichai News
      • Tim Cook News
      • Satya Nadella News
      • Mustafa Suleyman News
      Global Tech & Policy
      • Israel Tech News
      • India Tech News
      • Taiwan Tech News
      • UAE Tech News
      Startups & Emerging Tech
      • Series A News
      • Series B News
      • Startup News
      Tallwire
      Facebook X (Twitter) LinkedIn Threads Instagram RSS
      • Tech
      • Entertainment
      • Business
      • Government
      • Academia
      • Transportation
      • Legal
      • Press Kit
      © 2026 Tallwire. Optimized by ARMOUR Digital Marketing Agency.

      Type above and press Enter to search. Press Esc to cancel.