Infracore LLC Blog

Cisco Bug Ranks as One of the Worst

Cisco Bug Ranks as One of the Worst

A new exploit is making the rounds in the security environment, and this time, it affects virtual private networks. According to Cisco, the flaw affects its Adaptive Security Appliance (ASA) tool, and it should be patched as quickly as possible. If you don’t do so, your organization could be subject to remote code exploitation as a result of this vulnerability.

Cisco has showcased that the VPN bug can essentially allow hackers to infiltrate their security devices using the ASA operating system. The vulnerability is found in the Secure Sockets Layer (SSL) and can, according to Cisco, “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” What does this mean in plain English? In theory, an attacker could take complete and total control over a system (a considerable threat for any organization, especially considering the ramifications from a physical security standpoint). This vulnerability is so dangerous that it has earned a 10-out-of-10 on the Common Vulnerability Score System, taking its place among the upper echelon of major vulnerabilities.

While the vulnerability is only allowed if WebVPN is enabled, it’s still a major threat that you don’t want to overlook. According to ZDNet, here are some of the devices that are affected by this vulnerability:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD).

At its time of discovery, the bug was not being exploited in the wild, but Cisco has been made aware of attempts to leverage of the vulnerability. Since the announcement, the vulnerability has been spotted in the wild, and the initial patch that Cisco implemented to combat this vulnerability proved to insufficient, as there were additional features and attack vectors that were not identified until later.

Cisco has released an updated patch for this vulnerability, so you need to implement it if you don’t want to take a needless risk, and endanger your network and data. It’s a good rule of thumb to never let known vulnerabilities linger too long, as you could be placing your business in harm’s way.

It’s incredibly important that your business be mindful of not just these vulnerabilities, but all vulnerabilities found in critical business software and hardware. This Cisco bug isn’t the first software vulnerability to be found, and it certainly won’t be the last. Hackers are always working to undermine the efforts of developers who are trying to keep their software as secure as possible. It’s up to you to ensure your organization isn’t exposing itself to threats by neglecting patches and security updates.

Infracore LLC can help your organization ensure that patches and updates are applied as needed. We can do this remotely in most cases, without the need for an on-site visit. It’s a great way to get more value out of your business’ technology without sacrificing security. To learn more about how you can make technology work for you, reach out to us at (858) 509-1970.

Tech Term: Understanding Encryption
A Brief Dive into Digital Signatures
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, March 24 2019

Captcha Image

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Cloud Business computing Google Hosted Solutions Network Security Productivity Malware Data Innovation Software Microsoft User Tips Hackers Internet Hardware Tech Term Business Email Smartphones Mobile Devices Backup Workplace Tips Communications VoIP Data Backup Android Business Continuity IT Services Smartphone Efficiency Windows 10 Browser Computer Business Management Cloud Computing Disaster Recovery Small Business Data Recovery Outsourced IT Managed IT Services Alert Windows 10 Computers Miscellaneous Artificial Intelligence Router Ransomware Office Communication Chrome Managed IT Services Law Enforcement Internet of Things Network IT Support Cybersecurity Cybercrime Windows Mobile Device How To Quick Tips Server Telephone Systems Productivity Holiday Money Passwords Health Collaboration Office 365 Social Media Password Applications Facebook Virtualization Gadgets Information Work/Life Balance Google Drive Automation Saving Money Upgrade App Word Wi-Fi Private Cloud Spam Social Engineering Paperless Office Apps HaaS Managed Service Mobile Device Management BDR Office Tips Bring Your Own Device IT Support Save Money Phishing Data Protection Microsoft Office Voice over Internet Protocol Operating System Hacking Data Security Keyboard Two-factor Authentication Mobility Encryption Data Breach Connectivity Vulnerability Scam Settings BYOD Computer Care VPN Data Storage Public Cloud Human Resources Meetings Google Docs Marketing Fraud Access Control OneNote Electronic Medical Records Samsung Machine Learning Battery Bandwidth Virtual Assistant IT Management Training Comparison Redundancy Avoiding Downtime End of Support Entertainment Website CES Spam Blocking History USB Value Firewall Networking Telephone System IT Plan Remote Computing Sports Content Management Flexibility Save Time Employer-Employee Relationship Software as a Service Unsupported Software PDF Charger Business Intelligence Remote Monitoring Legal Blockchain Patch Management Managed IT Automobile Update Augmented Reality Identity Theft Telephony Infrastructure Managed Service Provider Cleaning Cryptocurrency Government Worker Windows 7 Botnet Data Management Big Data Servers Skype Techology Users Network Congestion Password Manager ISP Emails Information Technology Music Workforce Search Engine Transportation Safety Wireless Charging Devices Safe Mode Employee Politics Content Rootkit Trending Wireless Internet Warranty Solid State Drive Flash Vendor Humor Travel Internet Exlporer Employer Employee Relationship Wiring Frequently Asked Questions Search Books Assessment HVAC Start Menu Files Virtual Reality IT Consultant Business Mangement Cryptomining Instant Messaging Wearable Technology Accountants Bing Benefits Cortana Thought Leadership Digital Signage Hybrid Cloud Video Games Audiobook Staff Wire Printer Audit Data storage Enterprise Content Management Display Computer Accessories Unified Threat Management Excel How to Television Amazon Authentication Tools Worker Commute Leadership Gmail MSP Database IT solutions Physical Security Telecommuting YouTube Help Desk Sync Education Google Apps Google Search Apple Vendor Management Specifications Mouse Computer Fan Nanotechnology Password Management Security Cameras Data loss Internet exploMicrosoft Bluetooth Mobile Computing Tip of the week Black Market Emergency Public Computer Amazon Web Services Downtime Recovery Recycling File Sharing Business Technology Troubleshooting Loyalty Remote Work Practices The Internet of Things Computing Infrastructure Smart Technology Current Events Workers Addiction Proactive IT webinar iPhone Scalability Digital Signature Smart Office Administrator Online Shopping Smart Tech NIST Hacker Screen Mirroring Advertising Camera Windows 10s Windows Server 2008 Root Cause Analysis Relocation User Error eWaste Biometric Security HBO Wireless SaaS Hosted Computing Shortcuts FENG Two Factor Authentication Knowledge Cache Net Neutrality Conferencing Software Tips Experience Millennials Document Management Microchip Evernote Smartwatch Cast Best Practice Risk Management Multi-Factor Security HIPAA Monitor Hiring/Firing WiFi Criminal Remote Worker Outlook Credit Cards Inventory Social Webinar CrashOverride Twitter Thank You Company Culture Compliance Congratulations Managing Stress Regulation Printers

Recent Comments

Griffin Sweet Encryption Helps Keep your Smartphone Secure
22 March 2019
Security of the smart phone is made possible by the installation of such software’s. The hard cover ...
Thaddeus Greer Can Chargers Be Interchanged Between Devices?
21 March 2019
The infracore is known as the heart of the information technology all over the world and the issue d...
AngusCousens What is Encryption, Anyways?
19 March 2019
When we hold the computer the basic and stylish accessories with the desktop is the requirement of e...
Kevyn Hawkins In the Midst of Chaotic Financial Markets, Technology Remains a Constant
15 March 2019
For the finance market we have to read this blog really and very carefully for the chapter of the pa...
Micheal williams Tip of the Week: Improve Email Open Rates With an Attention-Grabbing Title
15 March 2019
In this modern world, technology has changed the world and even it has created many chances to creat...