WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the “Implementation Guidance for Emergency Directive on Cisco Adaptive Security Appliances (ASA) and Firepower Device Vulnerabilities.” This guidance builds on CISA’s Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on September 25, which identified known vulnerabilities and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risks to all organizations.
“By following these best practices, organizations can better protect themselves from potential threats and ensure the integrity of their digital infrastructure,” said Nick Andersen, Executive Assistant Director for the Cybersecurity Division (CSD) at CISA. “The release of this implementation guidance is a critical step in mitigating the risks posed by these vulnerabilities.”
In an ever-evolving threat landscape, this implementation guidance provides information on the minimum software versions that address these vulnerabilities and directs federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements. CISA recommends all organizations verify that correct minimum software version updates are applied.