News

Cisco closes critical leak in VPN function of ASA software

By admin
Spread the love

Network equipment manufacturer Cisco has patched a critical software leak for its ASA devices. This is present in the vpn feature and allows a remote attacker to execute code and take over the device.

Cisco has given the vulnerability, identifier CVE-2018-0101, a maximum cvss score of 10, making it a critical vulnerability. An attacker can only exploit the so-called double free leak if the web VPN function is enabled on the ASA network equipment. This is possible by using special XML packages, according to Cisco.

Vulnerable devices

That way it is possible to run code and take over the device, or to trigger a reload. The vulnerability is publicly known, according to Cisco, but the company says it is not aware of attackers who are actively using it.

Cisco has published a list of vulnerable devices and writes that the vulnerability is present in the so-called FTD software from version 6.2.2 because a remote access VPN function was introduced in that version.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Logitech acquires stream controller maker Loupedeck

News

Anticheat FaceIT gets Linux version, enables Steam Deck support

News

Rumor: EU starts investigation into Microsoft for including Teams with Office