Subscribe to our blog

Articles published weekly by IT security and compliance professionals with decades of experience

  

Subscribe to our blog

Articles published weekly by IT security and compliance professionals with decades of experience

  

Subscribe to our blog

Articles published weekly by IT security and compliance professionals with decades of experience

Urgent Cisco Vulnerability Identified - What You Need To Know!

Jan 31, 2018 12:21:18 PM

We know security is important to you and it has come to our attention there is a vulnerability affecting the Cisco ASA operating system, specifically the SSL VPN (CVE-2018-0101). The vulnerability allows an attacker to take remote control of the system and is very high risk. This vulnerability is so serious that it received a CVSS Score of 10, the highest possible score. The following hardware is affected by this vulnerability:

  • 3000 Series ISA (Industrial Security Appliance)
  • 5500 ASA (Adaptive Security Appliance)
  • 5500 X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches
  • Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software **Note: This bug affects the 6.2.2. FTD. Versions prior to 6.2.2 aren’t vulnerable

If your devices are affected by this vulnerability you can take the following steps:

1. Verify if WebVPN is enabled on the any of your devices by following the instructions found here: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

2. Patch your devices – Cisco has released software updates that address the vulnerability.

**Please note, it is extremely important that you patch this vulnerability as there is NO workaround that addresses this vulnerability**

Let us know if you have any questions and stay safe out there! 

You May Also Like

These Stories on Information Security

Subscribe by Email

No Comments Yet

Let us know what you think