Customers may find their appliances compromised or a screw loose.

Cisco Systems has been hit with an unusual double-whammy of issues, one of them in software and one in hardware.

First, the more serious issue, a firewall flaw. Security researcher Positive Technologies, which hunts for security vulnerabilities, posted a warning that a vulnerability in Cisco firewall appliances could allow hackers to cause them to fail.

The problem is in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls. Forrester Research says there are more than a million of them deployed worldwide. Positive assessed the severity level of the vulnerability as high and recommended that users install the updates, which are available, as soon as possible.

Positive Technologies’ researcher Nikita Abramov wrote, “If hackers disrupt the operation of Cisco ASA and Cisco FTD, a company will be left without a firewall and remote access (VPN). If the attack is successful, remote employees or partners will not be able to access the internal network of the organization, and access from the outside will be restricted.”

He added that an attacker doesn’t need elevated privileges or special access to exploit the vulnerability, just a simple HTTPS request in which one of the parts is a different size than the device expects. Further parsing of the request will cause a buffer overflow, and the system will abruptly shut down and then restart.

In its own blog post on the subject, Cisco said the vulnerabilities are due to improper input validation of HTTPS requests. An attacker could send a malicious HTTPS request to an affected device, causing it to restart and resulting in a denial of service (DoS) condition.

Cisco said exploitation of this vulnerability can cause a memory leak, so users can set an alert for high memory usage as a sign of an attack.
Cisco is aware of the problem, and the blog post tells how to get updates that address it.

Loose Screws

On the more mundane side of things, Cisco has posted an alert warning owners of its Unified Compute Systems (UCS) that the UCS X9508 chassis that houses the servers may have a screw loose.

The company said the Power Entry Module (power supply) for a small number of UCS 9508 units might not be screwed in tight in the chassis and could be pulled out when the power cord is unplugged from the chassis.

“The captive screws designed to secure the PEM were not correctly tightened and some chassis were shipped with the module improperly secured.” As a result, “The PEM might slide out of the chassis when the power cord is removed.” The PEM has two power cords.

This doesn’t require a patch or download, just a T10 Torx head driver. Cisco advises powering down the server but not removing the plugs or PEM before tightening the screws.