Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • A major vulnerability affecting Cisco217;s Adaptive Security Appliance is now under attack by hackers, according to Cisco.
  • that use a Cisco Adaptive Security Appliance should update the software as soon as possible to avoid issues associated with a recently-discovered flaw.

A critical flaw in Cisco’s Adaptive Security Appliance () is now under attack, according to a security advisory posted by the company.

“The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory,” the advisory reads. “Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory.”

Cisco has been urging users to patch their systems to protect against a critical vulnerability after it was first reported earlier this week. With actual attacks attempted, though, the need for IT to begin updating ASA systems is paramount.

SEE: Network security policy ( Pro Research)

The flaw in question affected that have the webvpn feature enabled, the advisory said. And it’s a major vulnerability: Cisco noted that the flaw received a Common Vulnerability Scoring System (CVSS) score of out of —the highest possible rating.

The flaw, originally reported by Cedric Halbronn from the NCC Group, could affect some 200,000 devices, according to a tweet from security researcher Kevin Beaumont. By sending a specialized XML packets to a webvpn-configured interface, attackers can gain control of the system and reload an affected device, the advisory noted.

While Cisco originally tried to patch the flaw when it was reported, the firm determined that the original update was “incomplete” and had to later issue a new patch. At that time, though, Cisco wasn’t aware of any malicious activity attempting to exploit the flaw.

Users can find a list of vulnerable Cisco products and steps for determining their product’s risk here. There aren’t any workarounds for the vulnerability—IT must patch if it wants to remain safe.

Also see

hack.jpg  - hack - Hackers are now attacking Cisco ASA VPN bug

Image: iStockphoto/welcomia

Source link


Please enter your comment!
Please enter your name here