fbpx
Mytek Logo
MyTek Logo

The Cisco Vulnerability Requires Multiple Patches

by | Mar 2, 2018 | Alerts, MyTek Blog

Q

Subscribe To The Blog

By subscribing to the blog, you will be notified when a new blog post is created on the site.

An exploit of virtual private networks (VPNs) has recently been brought to light. It has been found out that the Adaptive Security Appliance tool (ASA) was the tool that Cisco has announced to be vulnerable. If this issue isn’t patched immediately, many organizations can find themselves to be vulnerable to remote code exploitation. 

Hackers can breach Cisco security devices by using this VPN bug to leverage ASA operating systems. Cisco said that the Secure Sockets Later can “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” Hypothetically, this means that a hacker can gain complete access to a system and control it, which is a threat to businesses, especially within the physical security realm. On the Common Vulnerability Score System, it was ranked 10 out of 10 making it one of the top vulnerabilities that have been ranked. 

Though the vulnerability can only go into effect if WebVPN is enabled, it doesn’t mean it is a threat that you should overlook. The following list of affected devices was provided by ZDNet, including:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD).

Cisco was aware of some attempts to change the bug when it was first discovered because had never been used “in the wild.” The exploit originally targeted a bug from seven years ago, and it originally resulted in a system crash. Even so, that doesn’t mean this vulnerability can be exploited in other ways.

The first Cisco vulnerability patch didn’t exactly work, and then vulnerability has been observed in use. Then, more attack vectors and features that were not yet identified, so they were not addressed by the patch.

Now, Cisco has released an updated Cisco vulnerability patch and you should implement it as soon as you can. Otherwise, more time can lead to an even greater risk. You should always be on the lookout for patches and updates so that your business can promptly fix any vulnerabilities that can lead to damages. MyTek can be an asset when you are protecting your business, give us a call today to learn more at 623-312-2440.

ABOUT THE AUTHOR

Tim - Team

Tim Tiller, LMSW

 
Tim Tiller, MSW brings a deep service background to his role at Mytek, having graduated from McDonald’s management training program, fresh out of high school, and working his way up through the ranks in the hospitality industry. He has led two prior companies – Multi-Systems Inc., an IT-focused organization providing technology to hospitality companies (where he was named President at age 36), and most recently, as Chief Operating Officer for Jewish Voice Ministries International.

Q

Subscribe To This Author

By subscribing to the author, you will be notified when a new blog post is created by the author.

AUTHOR’S RECENT POSTS

Top 5 Hardware Monitoring Software 

Did you know that almost 40% of servers had at least one outage in the last twelve months? Veeam reports that the most common reason for outrages is infrastructure failure which puts the current hardware monitoring practices under the scanner. Hardware failures are...

Types of Mobile Malware & How to Defend Against Them

Malware has a long history of undermining computer security and stealing critical data. With the rapid growth of mobile usage, we're now seeing a new breed of mobile malware infecting smartphones and tablets. The new-age mobile malware are more advanced, seamless, and...

How to Protect Your Data Privacy & Enhance IT Security

Every time you use a device, you enter, modify or access data. Some of your usages are routine and public but sometimes you perform tasks that are confidential in your personal life or business. Naturally, this type of data is private and it should be kept that way....

Mobile? Grab this Article!

QR Code

Blog Archive

Generated by Feedzy
Share This