TheCisco ASA 5500 Series Adaptive Security Appliances, or simplyCisco ASA, isCisco's line ofnetwork security devices introduced in May 2005.[1] It succeeded three existing lines of Cisco products: theCisco PIX firewall and NAT device in 2008,[2] the CiscoIPS 4200 Series, and the Cisco VPN 3000 Series Concentrators.
The Cisco ASA is aunified threat management device which combines several network security functions.[3] It has become one of the most widely used firewall/VPN solutions forsmall to medium-sized businesses. Early reviews indicated the Cisco GUI tools for managing the device were lacking.[4]
A security flaw was identified when users customized the ClientlessSSLVPN option of their ASA's but was rectified in 2015.[5]
In 2017The Shadow Brokers revealed the existence of two privilege escalation exploits against the ASA called EPICBANANA[6] and EXTRABACON.[7][8] A code insertion implant called BANANAGLEE, was made persistent by JETPLOW.[9]
In 2018, a flaw in a WebVPN feature (CVE-2018-0101) which allowed forremote code execution was patched.[10]
In 2025, a spike in traffic scanning for Cisco ASA devices was found by security experts who suggested that a vulnerability may be known by hackers.[11] A week later, nearly 50,000 devices were announced to be affected by two more flaws allowing for remote code execution and access to restricted VPN endpoints was disclosed. Tracked as CVE-2025-20333 and CVE-2025-20362, the vulnerabilities were being actively exploited at the time of their disclosure.[12] Cisco shared that there was no fix available for the two vulnerabilities at the time.[13] In response, the United States of America'sCybersecurity and Infrastructure Security Agency directed federal agencies to identify any compromised units.[14] The United Kingdom'sNational Cyber Security Centre also posted a warning informing businesses and the wider public about the issue.[15]
The ASA software is based on Linux. It runs a single Executable and Linkable Format program called lina. This schedules processes internally rather than using the Linux facilities.[16] In the boot sequence a boot loader called ROMMON (ROM monitor) starts, loads a Linux kernel, which then loads the lina_monitor, which then loads lina. The ROMMON also has a command line that can be used to load or select other software images and configurations. The names of firmware files includes a version indicator, -smp means it is for asymmetrical multiprocessor (and 64 bit architecture), and different parts also indicate if3DES orAES is supported or not.[16]
The ASA software has a similar interface to theCisco IOS software on routers. There is a command line interface (CLI) that can be used to query operate or configure the device. In config mode the configuration statements are entered. The configuration is initially in memory as a running-config but would normally be saved to flash memory.[16]
Versions 7.0 to 9.0, plus 9.3 and 9.5 reached their end of life. The final version of software for the 5505-5550 models was released in 2014.[16]
The 5505 introduced in 2010 was a desktop unit designed for small enterprises or branch offices. It included features to reduce the need for other equipment, such as an inbuiltswitch, andpower over Ethernet ports.[17] The 5585-X is a higher powered unit fordatacenters introduced in 2010.[18] It runs in32-bit mode on anIntel architecture Atom chip.[16]
| Model | 5505[19] | 5510 | 5520[19] | 5540[19] | 5550[19] | 5580-20[19] | 5580-40[19] | 5585-X SSP10[19] | 5585-X SSP20[19] | 5585-X SSP40[19] | 5585-X SSP60[19] |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Cleartextthroughput,Mbit/s | 150 | 300 | 450 | 650 | 1,200 | 5,000 | 10,000 | 3,000 | 7,000 | 12,000 | 20,000 |
| AES/Triple DES throughput, Mbit/s | 100 | 170 | 225 | 325 | 425 | 1,000 | 1,000 | 1,000 | 2,000 | 3,000 | 5,000 |
| Max simultaneous connections | 10,000 (25,000 with Sec Plus License) | 50,000 (130,000 with Sec Plus License) | 280,000 | 400,000 | 650,000 | 1,000,000 | 2,000,000 | 1,000,000 | 2,000,000 | 4,000,000 | 10,000,000 |
| Max site-to-site and remote access VPN sessions | 10 (25 with Sec Plus License) | 250 | 750 | 5,000 | 5,000 | 10,000 | 10,000 | 5,000 | 10,000 | 10,000 | 10,000 |
| Max number of SSL VPN user sessions | 25 | 250 | 750 | 2,500 | 5,000 | 10,000 | 10,000 | 5,000 | 10,000 | 10,000 | 10,000 |
| Model | 5505 | 5510 | 5520 | 5540 | 5550 | 5580-20 | 5580-40 | 5585-X SSP10 | 5585-X SSP20 | 5585-X SSP40 | 5585-X SSP60 |
Cisco determined that most of the low end devices had too little capacity to include the features needed, such as anti-virus, or sandboxing, and so introduced a new line ofnext-generation firewalls calledFirepower. These run in64-bit mode.[16]
The newer 5512-X, 5515-X, 5525-X, 5545-X and 5555-X can have an extra interface card added.[20] The 5585-X also supports an optional security services processor.[21] The ASA 5585-X has a slot for an I/O module which can be subdivided into two half width modules.[22]
| Model[20] | 5506-X | 5506W-X | 5506H-X | 5508-X | 5512-X | 5515-X | 5516-X | 5525-X | 5545-X | 5555-X | 5585-X |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Throughput Gb/s | 0.25 | 0.25 | 0.25 | 0.45 | 0.3 | 0.5 | 0.85 | 1.1 | 1.5 | 1.75 | 4-40 |
| GB ports | 8 | 8 | 4 | 8 | 6 | 6 | 8 | 8 | 8 | 8 | 6-8 |
| Ten GB ports | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2-4 |
| Form factor | desktop | desktop | desktop | 1 RU | 1RU | 1 RU | 1 RU | 1RU | 1RU | 1RU | 2RU |
{{cite web}}:|last= has generic name (help)