VMTech

FIRESTARTER on Cisco ASA/Firepower: Backdoor Survived Patches — Urgent Actions

Colleagues, a cybersecurity alert: CISA reported a compromise of Cisco Firepower (ASA) devices in September 2025, and the FIRESTARTER backdoor persists after patches.

Summary:
- What: A Linux ELF backdoor installed into the boot process, surviving reboots and updates.
- How: Exploitation of CVE-2025-20333 and CVE-2025-20362, with LINE VIPER used post-exploitation for command execution and persistence.
- Recommendations: Treat the configuration as compromised and reimage devices; as a temporary measure, perform a cold power cycle (disconnect power).

Why it matters: A persistent perimeter backdoor endangers network access and integrity.

What actions will you take?

#cybersecurity #Cisco #infrastructure #APT
