Thursday, September 13, 2018

Cisco ASA 5506 went to Default Config

So a strange situation happened. The network went down, and the cause was that the config got lost and the 5506 went to the default config, running the first matched asaos.

Of course SysLog is nonexistent, so we can't trace logs prior to the incident.

The device definitely wasn't susceptible to this vulnerability: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1 but was susceptible to this one: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd

Among the 100s of 5506s we deployed, this is the first incident of this nature. Everything suggests that someone physically tampered with the reset button.

Obviously I am not asking here what happened, but I am curious if anyone else has experienced an incident where a 5506 went to the as-shipped configuration.


