
"An ongoing campaign of cyber attacks orchestrated through vulnerabilities found in the Cisco Adaptive Security Appliance (ASA) family of unified threat management (UTM) kit has prompted warnings from both the British and American authorities for users to unplug and discard outdated, out-of-support equipment. Cisco ASA is a multipurpose line of security appliances that, on introduction in the 2000s, succeeded various functions"
"The alert stems from two distinct flaws in the technology - CVE-2025-20333, enabling remote code execution (RCE), and CVE-2025-20362, enabling elevation of privileges (EoP). A third arbitrary code execution vulnerability, CVE-2025-20363, has also been identified but is not in the scope of this specific alert. Cisco said the issues impact Cisco ASA 5500-X Series models running Cisco ASA Software Release 9.12 or 9.14 with VPN web services enabled. The specific models involved are 5512-X, 5515-X, 5525-X, 5545-X, 5555-X and 5585-X,"
"The National Cyber Security Centre (NCSC) strongly recommended, where practicable, that ASA models falling out of support over the next 12 months should be replaced, noting the significant risks that obsolete, end-of-life hardware can pose. "It is critical for organisations to take note of the recommended actions highlighted ... particularly on detection and remediation," said NCSC chief technology officer Ollie Whitehouse."
Critical remote code execution and privilege‑escalation vulnerabilities affect Cisco ASA 5500‑X models running ASA Software Release 9.12 or 9.14 with VPN web services enabled. Identified CVEs include CVE-2025-20333 (RCE), CVE-2025-20362 (EoP) and CVE-2025-20363 (arbitrary code execution, noted separately). Affected models include 5512‑X, 5515‑X, 5525‑X, 5545‑X, 5555‑X and 5585‑X, some of which are end‑of‑life or out of support. The NCSC and US authorities urge replacement or disconnection of obsolete devices where practicable and recommend following vendor best practices, detection and remediation guidance, and the NCSC malware analysis report to assist investigations.
Read at ComputerWeekly.com