Cisco Bug Ranks as One of the Worst

A new exploit is making the rounds in the security environment, and this time, it affects virtual private networks. According to Cisco, the flaw affects its Adaptive Security Appliance (ASA) tool, and it should be patched as quickly as possible. If you don’t do so, your organization could be exposed to remote code execution as a result of this vulnerability.

Cisco has shown that the VPN bug can allow hackers to infiltrate security devices running the ASA operating system. The vulnerability is found in the Secure Sockets Layer (SSL) and can, according to Cisco, “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” What does this mean in plain English? In theory, an attacker could take complete and total control over a system (a considerable threat for any organization, especially considering the ramifications from a physical security standpoint). This vulnerability is so dangerous that it has earned a 10 out of 10 on the Common Vulnerability Scoring System, taking its place among the upper echelon of major vulnerabilities.

While the vulnerability is only exploitable if WebVPN is enabled, it’s still a major threat that you don’t want to overlook. According to ZDNet, here are some of the devices that are affected by this vulnerability:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD).

At its time of discovery, the bug was not being exploited in the wild, but Cisco has been made aware of attempts to leverage the vulnerability. Since the announcement, the vulnerability has been spotted in the wild, and the initial patch that Cisco implemented to combat this vulnerability proved to be insufficient, as there were additional features and attack vectors that were not identified until later.

Cisco has released an updated patch for this vulnerability, so you need to implement it if you don’t want to take a needless risk and endanger your network and data. It’s a good rule of thumb to never let known vulnerabilities linger too long, as you could be placing your business in harm’s way.

It’s incredibly important that your business be mindful of not just these vulnerabilities, but all vulnerabilities found in critical business software and hardware. This Cisco bug isn’t the first software vulnerability to be found, and it certainly won’t be the last. Hackers are always working to undermine the efforts of developers who are trying to keep their software as secure as possible. It’s up to you to ensure your organization isn’t exposing itself to threats by neglecting patches and security updates.

Infracore LLC can help your organization ensure that patches and updates are applied as needed. We can do this remotely in most cases, without the need for an on-site visit. It’s a great way to get more value out of your business’ technology without sacrificing security. To learn more about how you can make technology work for you, reach out to us at (858) 509-1970.



Monday, 19 March 2018