Cisco Bug Ranks as One of the Worst

Cisco Bug Ranks as One of the Worst

A new exploit is making the rounds in the security environment, and this time, it affects virtual private networks. According to Cisco, the flaw affects its Adaptive Security Appliance (ASA) tool, and it should be patched as quickly as possible. If you don’t do so, your organization could be subject to remote code exploitation as a result of this vulnerability.

Cisco has showcased that the VPN bug can essentially allow hackers to infiltrate their security devices using the ASA operating system. The vulnerability is found in the Secure Sockets Layer (SSL) and can, according to Cisco, “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” What does this mean in plain English? In theory, an attacker could take complete and total control over a system (a considerable threat for any organization, especially considering the ramifications from a physical security standpoint). This vulnerability is so dangerous that it has earned a 10-out-of-10 on the Common Vulnerability Score System, taking its place among the upper echelon of major vulnerabilities.

While the vulnerability is only allowed if WebVPN is enabled, it’s still a major threat that you don’t want to overlook. According to ZDNet, here are some of the devices that are affected by this vulnerability:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD).

At its time of discovery, the bug was not being exploited in the wild, but Cisco has been made aware of attempts to leverage of the vulnerability. Since the announcement, the vulnerability has been spotted in the wild, and the initial patch that Cisco implemented to combat this vulnerability proved to insufficient, as there were additional features and attack vectors that were not identified until later.

Cisco has released an updated patch for this vulnerability, so you need to implement it if you don’t want to take a needless risk, and endanger your network and data. It’s a good rule of thumb to never let known vulnerabilities linger too long, as you could be placing your business in harm’s way.

It’s incredibly important that your business be mindful of not just these vulnerabilities, but all vulnerabilities found in critical business software and hardware. This Cisco bug isn’t the first software vulnerability to be found, and it certainly won’t be the last. Hackers are always working to undermine the efforts of developers who are trying to keep their software as secure as possible. It’s up to you to ensure your organization isn’t exposing itself to threats by neglecting patches and security updates.

Infracore LLC can help your organization ensure that patches and updates are applied as needed. We can do this remotely in most cases, without the need for an on-site visit. It’s a great way to get more value out of your business’ technology without sacrificing security. To learn more about how you can make technology work for you, reach out to us at (858) 509-1970.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, June 24 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Tag Cloud

Tip of the Week Security Privacy Technology Best Practices Cloud Google Business computing Microsoft Software Network Security Hackers Backup Malware Windows 10 Internet Android Business Email Smartphones Innovation Hosted Solutions Managed IT Services Hardware Alert Browser Data Small Business Business Continuity VoIP Office Ransomware Business Management Computers Disaster Recovery Smartphone Computer Tech Term Outsourced IT User Tips Efficiency Cybercrime Law Enforcement Productivity Cloud Computing IT Services Money Telephone Systems Mobile Devices How To Communications Chrome Productivity Cybersecurity Collaboration Data Backup Virtualization Artificial Intelligence Managed IT Services Office 365 Facebook Social Engineering Miscellaneous Router Upgrade App Health Passwords Password Social Media Windows Data Recovery Work/Life Balance Quick Tips Internet of Things Communication Bring Your Own Device Windows 10 Two-factor Authentication Phishing Network Automation Word Office Tips Data Breach Saving Money Vulnerability Data Protection Spam Hacking Holiday Wi-Fi Mobile Device Management Private Cloud Connectivity Google Drive Workplace Tips HaaS Apps Data Security IT Support Server CES Electronic Medical Records Website Flexibility Microsoft Office Content Management PDF Update Data Storage Mobility Managed Service Provider Legal Charger OneNote Identity Theft Keyboard IT Management Infrastructure Patch Management Employer-Employee Relationship Applications Spam Blocking Cleaning IT Plan Scam Operating System Mobile Device Computer Care Unsupported Software End of Support Comparison Managed IT Entertainment Samsung Remote Computing Windows 7 USB Bandwidth BYOD Business Intelligence Value Automobile Government Gadgets Redundancy Avoiding Downtime Data Management Public Cloud Worker Marketing VPN Big Data Remote Monitoring History Battery Apple YouTube HBO Training FENG Telecommuting Assessment Telephony Recovery Cast Google Apps IT Consultant Education iPhone Outlook Save Money Settings Voice over Internet Protocol Practices Vendor Management Remote Work Television Skype Addiction Workers Emergency Leadership User Error Computing Infrastructure Relocation Frequently Asked Questions Blockchain Save Time Start Menu Hosted Computing Public Computer Monitor Cache Information Technology Multi-Factor Security Best Practice Servers Excel HIPAA Tools Inventory Credit Cards Experience Users Humor Wireless Internet Password Manager Internet Exlporer Hiring/Firing Trending Content HVAC Tip of the week Human Resources Access Control Downtime Fraud Music Data storage Search Virtual Reality Wire Business Mangement Transportation webinar Employer Employee Relationship Windows 10s Audiobook Video Games Windows Server 2008 Staff Authentication Root Cause Analysis Amazon Wearable Technology Safety How to Worker Commute Sports Software Tips Gmail Benefits Conferencing Internet exploMicrosoft Computer Accessories Specifications Botnet Nanotechnology Amazon Web Services Black Market Smart Office Recycling Firewall Emails Advertising Bluetooth Solid State Drive Wireless Scalability Flash Digital Signature Travel Smart Tech Meetings Online Shopping Troubleshooting Networking Document Management eWaste Smart Technology Audit Millennials Loyalty Encryption Techology Evernote Current Events Paperless Office Physical Security Criminal Two Factor Authentication IT solutions Computer Fan Workforce Risk Management SaaS Sync Devices Data loss Wireless Charging Knowledge Files Machine Learning IT Support Hybrid Cloud Google Docs Rootkit The Internet of Things BDR Politics Instant Messaging Accountants Thought Leadership Screen Mirroring Cortana Books Network Congestion Twitter Company Culture Managing Stress CrashOverride Enterprise Content Management Thank You Password Management Congratulations NIST Webinar WiFi

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Digital Hold The Case for Hosting Your Phone Solution In-House
24 February 2018
Informative Blog. Thanks a lot for the useful info.
Maria Albert Download the Wrong App and Have More Than Pokémon Fever Infect Your Device
26 September 2017
Occasionally I strive to not concentrate such these kinds of articles and neglect reading like these...
nathan dwyer Your Guide To Mobile Device Management as an SMB
07 September 2017
I come here after quite a while since 2016 and entire this term i have miss the chance to get inform...