Cisco Issues "Critical" Firewall Security Vulnerability Alert For VPN Devices
Cisco Systems had to scramble this week after it identified a critical software security vulnerability in several of its firewalls, switches, routers and security software that could let cyber-attackers into VPN devices.
With the IT industry on edge because of the fallout of the Specter and Meltdown exploits, IT vendors are under even more pressure to quickly correct vulnerabilities in hardware and software systems.
Cisco said the vulnerability is in the Secure Sockets Layer VPN functionality of the vendor's Cisco Adaptive Security Appliance software and could allow an unauthenticated, remote attacker to cause a reload of the affected system or execute code remotely.
The company issued a list of 10 affected Cisco products including its 55 Series Adaptive Security Appliances, the ASA 1000v Cloud Firewall and the company’s Firepower Threat Defense software.
Cisco developed and issued free software updates to solve the problem, but said there were no workarounds to fix the vulnerability.