Numerous Patches Required for Cisco's Vulnerability

Virtual private networks are susceptible to an exploit that was recently revealed. Cisco has declared that this exploit undermines its Adaptive Security Appliance (ASA) tool. If this issue isn’t patched instantly, you could find your business vulnerable via remote code exploitation.

This VPN bug can force the ASA operating system to allow hackers to breach Cisco security devices. According to Cisco, this Secure Sockets Layer (SSL) can “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” This means that a cybercriminal could hypothetically gain complete access to a system and control it, a prospect that any organization should see the threat in. In fact, this vulnerability has been ranked as a 10 out of 10 on the Common Vulnerability Score System.

This vulnerability only occurs if WebVPN has been enabled, but that doesn’t mean that you can afford to not take this threat seriously. ZDNet supplies the following list of affected devices:

• 3000 Series Industrial Security Appliance (ISA)
• ASA 5500 Series Adaptive Security Appliances
• ASA 5500-X Series Next-Generation Firewalls
• ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
• ASA 1000V Cloud Firewall
• Adaptive Security Virtual Appliance (ASAv)
• Firepower 2100 Series Security Appliance
• Firepower 4110 Security Appliance
• Firepower 9300 ASA Security Module
• Firepower Threat Defense Software (FTD).

When it was initially discovered, this bug had yet to be utilized “in the wild,” but Cisco was aware of some attempts to change that. This exploit targeted a bug from seven years ago, with a proof of concept demonstrating the use of the exploit, or at least trying to. The proof of concept only resulted in a system crash, but that doesn’t alter the fact that this vulnerability can be exploited in other ways, too.

Sadly, this vulnerability has now been observed in use, and worse, Cisco’s initial attempt to patch it didn’t see to all related variables. As it turned out, there were more attack vectors and features that were not yet identified, and so they were not addressed by the patch.

Nevertheless, Cisco has now released an upgraded patch, which you need to implement as soon as possible. If you don't, you are opening up your business security to far greater risk. It is always a better practice to attend to known vulnerabilities ASAP, as the longer your business is vulnerable, the more likely it is that someone will take advantage of that.

Moreover, it is also critical that you stay aware of all vulnerabilities that are present in your mission-critical software and hardware solutions. This bug is not an isolated incident. Others like it have been found before, and more will certainly appear in the future. Hackers and cybercriminals are constantly working to overcome the security features that software developers implement. It is your responsibility to ensure that you protect your business by implementing security patches and updates promptly.

Macro Systems can help you with that. We can help you ensure that your patches and updates are as current as possible, often without needing to take the time needed for an on-site visit and handling it all remotely. For more information, give us a call at 703-359-9211.