Cybersecurity Today – Episode: "50,000 Cisco Firewalls Exposed"
Host: Jim Love
Date: October 1, 2025
Episode Overview
This episode focuses on critical new cybersecurity threats affecting businesses and organizations worldwide. Host Jim Love walks listeners through three urgent vulnerabilities: exposed Cisco firewalls, a dangerous sudo flaw impacting Linux, and severe remote command weaknesses in Western Digital My Cloud devices. He concludes with a warning about rapid advances in AI voice cloning, underscoring the escalating risks for fraud and social engineering. Actionable advice is delivered throughout, targeting both technical and general listeners.
Key Discussion Points & Insights
1. Widespread Exposure of Cisco Firewalls
[00:12]
- Scope of Exposure: Nearly 50,000 Cisco firewalls (ASA and Firepower Threat Defense devices) remain exposed to the Internet through two major vulnerabilities:
- CVE-2025-2333: CVSS 9.9 (critical)
- CVE-2025-2362: CVSS 6.5 (high)
- Affected Models: Many vulnerable units are older 5500-X series firewalls, at or nearing end of life.
- Affected Regions: The majority of affected systems are in the United States.
- Urgent Government Action: National security agencies from the US, Canada, France, the Netherlands, and the UK have issued urgent warnings. The US Cybersecurity and Infrastructure Security Agency (CISA) mandated that federal agencies patch within 24 hours.
- Attacker Behavior: Tactics resemble last year's ArcaneDoor campaign, featuring:
- The RayInitiator bootkit for persistence
- The LINE VIPER loader for additional malicious activity
- Security Guidance:
“If you can’t patch, replace.”
(Jim Love, [00:38])
2. Critical Sudo Vulnerability in Linux/Unix
[01:01]
- Vulnerability Details:
- CVE-2020-532463 (CVSS 9.3) affects sudo versions before 1.9.17p1.
- Allows local attackers to abuse sudo's chroot handling and execute arbitrary commands as root, even if they are not authorized in sudoers.
- Current Status:
- Exploitation is now active in the wild.
- Researchers disclosed it earlier this year.
- CISA added it to the known exploited vulnerabilities list.
- Federal agencies have received an urgent mitigation window.
- Remediation:
"Everyone running Linux or Unix servers with older sudo must update to 1.9.17p1 or later immediately."
(Jim Love, [01:28])
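One way to act on the sudo remediation above, as an added shell example that is not from the episode: a POSIX sh version check that treats the `p1` patch suffix correctly, so that `1.9.17` is flagged as older than `1.9.17p1`. It assumes `sudo --version` prints `Sudo version X.Y.Z[pN]` on its first line, as real sudo does.

```shell
#!/bin/sh
# Added example (not from the episode): decide whether an installed sudo
# is at or above the 1.9.17p1 fix level the episode names.
# Assumption: versions without a "p" suffix count as patch level 0.

FIXED_SUDO="1.9.17p1"

# Split "1.9.17p1" into "1 9 17 1" (major minor patch plevel).
sudo_version_fields() {
    v="$1"
    base="${v%%p*}"
    if [ "$base" = "$v" ]; then plevel=0; else plevel="${v##*p}"; fi
    # Replace dots with spaces; pad missing components with 0.
    set -- $(printf '%s' "$base" | tr '.' ' ')
    printf '%d %d %d %d\n' "${1:-0}" "${2:-0}" "${3:-0}" "$plevel"
}

# Returns 0 if version $1 >= version $2, 1 otherwise.
sudo_version_ge() {
    set -- $(sudo_version_fields "$1") $(sudo_version_fields "$2")
    i=1
    while [ "$i" -le 4 ]; do
        a=$(eval "echo \$$i"); b=$(eval "echo \$$((i+4))")
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
        i=$((i+1))
    done
    return 0
}

# True (exit 0) when the given sudo version includes the fix.
sudo_is_patched() { sudo_version_ge "$1" "$FIXED_SUDO"; }

# Stand-alone use: read the installed version from "sudo --version".
check_installed_sudo() {
    installed=$(sudo --version 2>/dev/null | sed -n '1s/^Sudo version //p')
    [ -n "$installed" ] || { echo "sudo not found"; return 2; }
    if sudo_is_patched "$installed"; then
        echo "sudo $installed: at or above $FIXED_SUDO"
    else
        echo "sudo $installed: older than $FIXED_SUDO, update now"
        return 1
    fi
}
```

Run `check_installed_sudo` on each host (or through your configuration management tool) and treat a non-zero exit as an item for the patch queue.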
3. Remote Command Injection in Western Digital My Cloud Devices
[01:45]
- Vulnerability Details:
- CVE-2020530247 (CVSS 9.8) allows remote command injection via an HTTP POST request to the device's web interface.
- Firmware Updates:
- Firmware version 5.31.108 (released September 23) fixes the flaw on supported models.
- Patch applies to PR2100, PR4100, EX4100, EX2 Ultra, Mirror Gen2, and others.
- End-of-Support Risk:
- Some models (DL2100, DL4100) are no longer supported and will not be patched.
- Threat Implications:
- Unpatched devices are attractive targets for data theft, ransomware, or botnets because they run unattended.
- Security Guidance:
"If you run My Cloud hardware, take a look, update it now or take it off the network until you can replace it."
(Jim Love, [02:14])
4. Real-Time AI Voice Cloning Escalates Vishing
[02:36]
- New Development:
- Researchers have demonstrated real-time, responsive AI voice cloning that can convincingly simulate someone's voice during live calls — advancing "vishing" beyond old-school prerecorded attacks.
- The tool is currently kept private by its creators, but the threat is imminent.
- Ease of Abuse:
"With only minutes of audio and a few hours of training, attackers can create calls that sound convincing enough to trick accountants, receptionists, or perhaps even family members."
(Jim Love, [02:52])
- Mitigation Strategies:
- If your organization authorizes payments or access by phone: require written confirmation, dual approvals, or pre-agreed secret words
- For family situations, establish verification phrases with relatives, especially elders
- Never send money or credentials because of an unexpected call
- Call to Action:
"If you don't already have these protections in accounting or high-risk roles, why not walk down there today and set them up?"
(Jim Love, [03:17])
"There's never been a piece of technology this powerful that wasn't weaponized. So let's take this as a given and let's take this as a bit of a fair warning and get on it today."
(Jim Love, [03:27])
Notable Quotes
- "If you can't patch, replace." (Jim Love on end-of-life Cisco firewalls, [00:38])
- "Everyone running Linux or Unix servers with older sudo must update to 1.9.17p1 or later immediately." (Jim Love, [01:28])
- "If you run My Cloud hardware, take a look, update it now or take it off the network until you can replace it." (Jim Love, [02:14])
- "With only minutes of audio and a few hours of training, attackers can create calls that sound convincing enough to trick accountants, receptionists, or perhaps even family members." (Jim Love, [02:52])
- "There's never been a piece of technology this powerful that wasn't weaponized. So let's take this as a given and let's take this as a bit of a fair warning and get on it today." (Jim Love, [03:27])
Timestamps for Important Segments
- [00:12] – Cisco Firewall Vulnerabilities Overview
- [01:01] – Critical Sudo Vulnerability on Linux/Unix Systems
- [01:45] – Western Digital My Cloud Command Injection Flaw
- [02:36] – Real-Time AI Voice Cloning as Next-Gen Social Engineering
- [03:27] – Final Call to Action and Precautions
Summary
In this concise, actionable briefing, Jim Love alerts listeners to immediate and severe threats: thousands of Cisco firewalls exposed worldwide, a must-patch sudo bug in Linux, unprotected Western Digital storage devices, and the dawning age of real-time AI-powered vishing. The advice is clear: patch, isolate, or replace vulnerable systems; aggressively adopt strong verification and dual-authorization workflows for sensitive communications; and never underestimate how quickly new technologies can be turned against individuals and organizations. This episode is a succinct, vital update for anyone responsible for the security of networks, data, or people.
