CISA and NCSC Warn of FIRESTARTER Linux Backdoor Targeting Cisco Firepower Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) have issued warnings about FIRESTARTER, a Linux-based backdoor malware targeting Cisco Firepower firewall and VPN devices. The backdoor is designed to evade patches and maintain persistent access even after firmware updates, compromising the integrity of affected systems. No specific CVE IDs, dates, or technical indicators (e.g., attack vectors or infection methods) were disclosed in the notice. The primary impact involves unauthorized access to Cisco Firepower devices, though further operational details remain unconfirmed. The advisory highlights the threat's ability to bypass security measures, posing risks to enterprise network defenses.