Cisco Bug Ranks as One of the Worst

Cisco Bug Ranks as One of the Worst

A new exploit is making the rounds in the security environment, and this time, it affects virtual private networks. According to Cisco, the flaw affects its Adaptive Security Appliance (ASA) tool, and it should be patched as quickly as possible. If you don’t do so, your organization could be subject to remote code exploitation as a result of this vulnerability.

Cisco has showcased that the VPN bug can essentially allow hackers to infiltrate their security devices using the ASA operating system. The vulnerability is found in the Secure Sockets Layer (SSL) and can, according to Cisco, “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” What does this mean in plain English? In theory, an attacker could take complete and total control over a system (a considerable threat for any organization, especially considering the ramifications from a physical security standpoint). This vulnerability is so dangerous that it has earned a 10-out-of-10 on the Common Vulnerability Score System, taking its place among the upper echelon of major vulnerabilities.

While the vulnerability is only allowed if WebVPN is enabled, it’s still a major threat that you don’t want to overlook. According to ZDNet, here are some of the devices that are affected by this vulnerability:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD).

At its time of discovery, the bug was not being exploited in the wild, but Cisco has been made aware of attempts to leverage of the vulnerability. Since the announcement, the vulnerability has been spotted in the wild, and the initial patch that Cisco implemented to combat this vulnerability proved to insufficient, as there were additional features and attack vectors that were not identified until later.

Cisco has released an updated patch for this vulnerability, so you need to implement it if you don’t want to take a needless risk, and endanger your network and data. It’s a good rule of thumb to never let known vulnerabilities linger too long, as you could be placing your business in harm’s way.

It’s incredibly important that your business be mindful of not just these vulnerabilities, but all vulnerabilities found in critical business software and hardware. This Cisco bug isn’t the first software vulnerability to be found, and it certainly won’t be the last. Hackers are always working to undermine the efforts of developers who are trying to keep their software as secure as possible. It’s up to you to ensure your organization isn’t exposing itself to threats by neglecting patches and security updates.

Infracore LLC can help your organization ensure that patches and updates are applied as needed. We can do this remotely in most cases, without the need for an on-site visit. It’s a great way to get more value out of your business’ technology without sacrificing security. To learn more about how you can make technology work for you, reach out to us at (858) 509-1970.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, September 22 2018

Captcha Image

Tag Cloud

Tip of the Week Security Technology Privacy Best Practices Cloud Business computing Network Security Google Malware Hackers Microsoft Software Innovation Backup Tech Term Internet Data Smartphones Hosted Solutions Hardware Email Windows 10 Business Mobile Devices Android Small Business Managed IT Services VoIP Business Continuity Alert Browser User Tips Smartphone Computer Office Data Backup Business Management IT Services Ransomware Computers Cloud Computing Outsourced IT Disaster Recovery Cybercrime Miscellaneous Communications Efficiency Artificial Intelligence Law Enforcement Productivity Password Applications Facebook Virtualization Windows How To Workplace Tips Telephone Systems Productivity Money Network Passwords Internet of Things Collaboration Cybersecurity Chrome Data Recovery Router Social Media Communication Managed IT Services Office 365 Quick Tips Saving Money Windows 10 Upgrade Work/Life Balance Health App Gadgets Social Engineering Google Drive Vulnerability Wi-Fi Automation Spam Two-factor Authentication Bring Your Own Device Save Money Mobile Device Management Connectivity Apps Holiday HaaS Phishing Office Tips Server IT Support IT Support Data Security Word Private Cloud Microsoft Office Data Breach Hacking Data Protection Legal Windows 7 Mobility Automobile Settings Business Intelligence BYOD Blockchain Samsung Electronic Medical Records Data Storage Update Training Identity Theft Bandwidth End of Support Infrastructure Entertainment Data Management Encryption History USB Value OneNote IT Management Information Mobile Device Redundancy Paperless Office Firewall Networking Spam Blocking VPN Marketing Avoiding Downtime Employer-Employee Relationship PDF IT Plan Managed Service Keyboard Charger Battery Operating System BDR Patch Management Virtual Assistant Managed Service Provider Comparison Government Unsupported Software Website CES Cleaning Remote Computing Worker Sports Scam Remote Monitoring Flexibility Big Data Managed IT Public Cloud Content Management Computer Care Recovery Recycling Politics Rootkit Smart Office Remote Work Practices Transportation Safety Humor Internet Exlporer Cast Workers Addiction Employer Employee Relationship Outlook Camera Digital Signature Books Assessment Wireless Files Botnet NIST IT Consultant Hybrid Cloud Emails Augmented Reality Wearable Technology Data storage Skype Online Shopping Smart Tech eWaste Best Practice Solid State Drive Flash Document Management Hosted Computing Benefits Cache Computer Accessories Frequently Asked Questions Millennials Television Meetings Travel Cryptocurrency Leadership Techology Users Apple Remote Worker Multi-Factor Security HIPAA Information Technology Start Menu Servers Evernote Criminal Vendor Management Content Audit Credit Cards Inventory Internet exploMicrosoft Password Manager Bluetooth Excel Wireless Internet Workforce Emergency Public Computer Search Safe Mode Devices Save Time Virtual Reality iPhone IT solutions Physical Security Wiring Trending Human Resources Troubleshooting Loyalty Instant Messaging Tools HVAC Wireless Charging Advertising Google Docs Video Games Audiobook Computer Fan Sync Machine Learning Fraud Access Control Smart Technology Current Events Business Mangement Tip of the week Wire Accountants How to Relocation User Error Data loss Cortana Thought Leadership Worker Commute Unified Threat Management Staff SaaS Downtime Enterprise Content Management webinar MSP Experience Monitor The Internet of Things YouTube Amazon Authentication Two Factor Authentication Knowledge Education Telephone System Gmail Risk Management Windows 10s Windows Server 2008 Telecommuting Black Market Screen Mirroring Google Apps Hiring/Firing HBO Mobile Computing Specifications Root Cause Analysis Password Management Computing Infrastructure Conferencing Software Tips File Sharing Voice over Internet Protocol Music Scalability FENG Telephony Amazon Web Services Nanotechnology Network Congestion Compliance Managing Stress Regulation Printers Webinar WiFi Thank You CrashOverride Congratulations Twitter Company Culture

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

AgustinMMontgomery MasterCard Wants Your Selfie, But it’s Not for What You Think it’s For
19 September 2018
You have to share this wonderful article about how to handle the mobile payments and speedypaper rev...
JohnSHarper Tip of the Week: Working from Google Home
18 September 2018
Sharing these type tips are very effective for the readers and working from Google home is no secret...
Jesse Icely Study Finds that 45% of Virtual Machines Would Run More Efficiently in the Cloud
13 September 2018
Study has been pivotal goal for the generations. It has been marked with https://www.rushmyessays.or...
Malcolm Curtis Why You’ll Want to Consider Hosted VoIP Telephony
11 September 2018
VoIP was a new technology that was launched in this country this was just amazing it need 5g to get ...
Nomlanga Leach Alert: 33.7 Millions Records Released to Public Due to Leak of Massive Marketing Database
08 September 2018
Marketing database was reveal this year by a hacker that was not good news this was happened many ti...