Infracore LLC Blog

Cisco Bug Ranks as One of the Worst

A new exploit is making the rounds in the security community, and this time, it affects virtual private networks. According to Cisco, the flaw affects its Adaptive Security Appliance (ASA) software, and it should be patched as quickly as possible. If you don’t do so, your organization could be subject to remote code execution as a result of this vulnerability.

Cisco has disclosed that the VPN bug can allow hackers to infiltrate security devices running the ASA operating system. The vulnerability is found in the Secure Sockets Layer (SSL) and can, according to Cisco, “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” What does this mean in plain English? In theory, an attacker could take complete and total control over a system (a considerable threat for any organization, especially considering the ramifications from a physical security standpoint). This vulnerability is so dangerous that it has earned a 10-out-of-10 on the Common Vulnerability Scoring System (CVSS), taking its place among the upper echelon of major vulnerabilities.

While the vulnerability is only exploitable if WebVPN is enabled, it’s still a major threat that you don’t want to overlook. According to ZDNet, here are some of the devices that are affected by this vulnerability:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD).

At its time of discovery, the bug was not being exploited in the wild, but Cisco has been made aware of attempts to leverage the vulnerability. Since the announcement, the vulnerability has been spotted in the wild, and the initial patch that Cisco implemented to combat this vulnerability proved to be insufficient, as there were additional features and attack vectors that were not identified until later.

Cisco has released an updated patch for this vulnerability, so you need to implement it if you don’t want to take a needless risk and endanger your network and data. It’s a good rule of thumb to never let known vulnerabilities linger too long, as you could be placing your business in harm’s way.

It’s incredibly important that your business be mindful of not just these vulnerabilities, but all vulnerabilities found in critical business software and hardware. This Cisco bug isn’t the first software vulnerability to be found, and it certainly won’t be the last. Hackers are always working to undermine the efforts of developers who are trying to keep their software as secure as possible. It’s up to you to ensure your organization isn’t exposing itself to threats by neglecting patches and security updates.

Infracore LLC can help your organization ensure that patches and updates are applied as needed. We can do this remotely in most cases, without the need for an on-site visit. It’s a great way to get more value out of your business’ technology without sacrificing security. To learn more about how you can make technology work for you, reach out to us at (858) 509-1970.
