Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Cisco Issues New Patch for Critical ASA Vulnerability
Cisco engineers discover that the flaw in Adaptive Security Appliance devices is worse than they initially understood.
1 Min Read
One week after network administrators had begun deploying patches for a critical (CVSS 10.0) vulnerability in Cisco Adaptive Security Appliance (ASA) devices, Cisco released a second advisory, stating that the patch would not fix the whole problem.
Cisco released an updated patch Monday, and although there are no reports of active exploits, they urge customers to deploy the fix right away.
The vulnerability, CVE-2018-0101, is a remote code execution flaw in the ASA software XML parser that requires no authentication to exploit. It was originally fixed Jan. 29. The updated patch was necessary, because after further investigation, Cisco engineers discovered that the vuln affected more features and had more attack vectors than they initially believed.
"In addition," Cisco principal engineer Omar Santos wrote in the Cisco Product Security Incident Response Team blog, "it was also found that the original list of fixed releases published in the security advisory were later found to be vulnerable to additional denial of service conditions."
For more information, see here.
About the Author
You May Also Like
More Insights
