Cisco Issues 'Critical' Firewall Security Vulnerability Alert For VPN Devices


Cisco Systems says it has identified a critical software security vulnerability in several of its firewalls, switches, routers and security software that could let cyber-attackers into VPN devices.

The vulnerability is in the Secure Sockets Layer VPN functionality of Cisco Adaptive Security Appliance [ASA] software, and it could allow an unauthenticated, remote attacker to cause a reload of the affected system or to execute code remotely, the company said in a security advisory this week.

The vulnerability affects 10 Cisco products, including:

The company said there are no workarounds to fix the vulnerability, but it has issued free software updates that it says will solve the problem.

Cisco said in a statement that the advisory is "intended to help customers understand which Cisco products may be affected and assess the potential implications for their networks. Fixes are available for the affected products," and the company "is not aware of any malicious use of this vulnerability."

Bill Smeltzer, CTO at Focus Technology Solutions, a Burlington, Mass., solution provider that works with Cisco, said the vulnerability is par for the course in the modern IT era. "This is no different than what we see on a daily basis industry-wide," Smeltzer said. "Cisco has an update to address the problem. They acted fast. We always advise our clients to do any critical security patches."

Mike Girouard, EVP of sales at TekLinks, a Birmingham, Ala., cloud solution provider that works with Cisco, said the vulnerability affects most of the firewalls the company has deployed in the field and its data centers.

"We plan to get the announcement out to all of our Pro Services team members so we can work to schedule patching with our clients," Girouard said. "It has affected every customer firewall in the data center, and TekLinks Managed & Cloud Services is working on patching them, and migrating others. We're all over this one."