• Register

Network Solutions Unlimited Blog

Network Solutions Unlimited has been serving the Decatur area since 2013, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Cisco Vulnerability Requires Multiple Patches

The Cisco Vulnerability Requires Multiple Patches

Virtual private networks are vulnerable to an exploit that was recently brought to light. Cisco has announced that this exploit undermines its ASA, or Adaptive Security Appliance tool. If this issue isn’t patched immediately, you could find your organization vulnerable through remote code exploitation.

This VPN bug can leverage the ASA operating system to enable hackers to breach Cisco security devices. According to Cisco, this Secure Sockets Layer (SSL) can “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” This means that an attacker could hypothetically gain complete access to a system and control it - a prospect that any business should see the threat in, especially where their physical security is concerned. In fact, this vulnerability has been ranked as a 10 out of 10 on the Common Vulnerability Score System, making it one of the top vulnerabilities ranked.

Granted, this vulnerability only goes into effect if WebVPN has been enabled, but that doesn’t mean that you can overlook this threat. ZDNet provides the following list of affected devices:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD).

When it was first discovered, this bug had yet to be used “in the wild,” but Cisco was aware of some attempts to change that. This exploit targeted a bug from seven years ago, with a proof of concept demonstrating the use of the exploit - or at least trying to. The proof of concept only resulted in a system crash, but that doesn’t change the fact that this vulnerability can be exploited in other ways, too.

Unfortunately, this vulnerability has now been observed in use, and worse, Cisco’s first attempt to patch it didn’t see to all considerations. As it turned out, there were more attack vectors and features that were not yet identified, as so were not addressed by the patch.

However, Cisco has now released an updated patch, which you need to implement as soon as possible. Otherwise, you are opening up your business security to greater risk. It is always a better practice to attend to known vulnerabilities post haste, as the longer your business is vulnerable, the more likely it is that someone will take advantage of that.

Furthermore, it is also crucial that you stay cognizant of any and all vulnerabilities that are present in your mission-critical software and hardware solutions. This bug is not an isolated case. Others like it have been found before, and more will certainly pop up in the future. Hackers and cybercriminals are constantly working to overcome the security features that software developers implement. It is your responsibility to ensure that you protect your business by implementing security patches and updates promptly.

Network Solutions Unlimited can assist you with that. We can help you ensure that your patches and updates are up-to-date, often without needing to take the time needed for an on-site visit and handling it all remotely. For more information, give us a call at (217) 428-6449.

When it Comes to Security, Two Factors are Better ...
Digital Signatures are More Efficient and Secure
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Friday, November 08, 2024

Captcha Image

Mobile? Grab this Article

QR Code

Latest News & Events

While Decatur Computers and Network Solutions Unlimited, Inc. have always been two faces of the same underlying company, this merger represents a unification and consolidation of the services they offer—and as a result, Decatur Computers’ c...

Contact Us

Learn more about what Network Solutions Unlimited can do for your business.

Call Us Today
Call us today
(217) 428-6449

3090 N Main St
Decatur, Illinois 62526