The “perfect 10.0” critical vulnerability Cisco announced last week that impacts its Adaptive Security Appliance (ASA) devices has additional attack vectors and affects various features. A company investigation revealed the original security patch did not identify or fix the entire problem, so a new fix for Cisco ASA platforms is now available. This means Cisco customers will have additional downtime for security maintenance in order to fix a bug that allows an unauthenticated, remote attacker to execute code and cause system reloads. The problem is raising small hell on social media from systems and network administrators about additional downtime. Heads up: Cisco just updated the advisory on CVE-2018-0101 (ASA webvpn / AnyConnect RCE) with a newer software release to fix additional exploitation vectors not covered in last week’s patch. https://t.co/onwRSoXAla — David Longenecker (@dnlongen) February 5, 2018 For a whole week I have been patching ASAs with CVE-2018-0101. Today Cisco reports that the patches are not […]
The post Cisco investigation reveals ASA vulnerability is worse than originally thought appeared first on Cyberscoop.
Continue reading Cisco investigation reveals ASA vulnerability is worse than originally thought→