Hackers are now attacking Cisco ASA VPN bug

Cisco researchers are now aware of attempted attacks leveraging a vulnerability in its Adaptive Security Appliance.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • A major vulnerability affecting Cisco's Adaptive Security Appliance is now under attack by hackers, according to Cisco.
  • Companies that use a Cisco Adaptive Security Appliance should update the software as soon as possible to avoid issues associated with a recently discovered flaw.

A critical flaw in Cisco's Adaptive Security Appliance (ASA) is now under attack, according to a security advisory posted by the company.

"The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory," the advisory reads. "Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory."

Cisco has been urging users to patch their systems to protect against a critical VPN vulnerability after it was first reported earlier this week. With actual attacks attempted, though, the need for IT to begin updating ASA systems is paramount.

The flaw in question affected devices that have the webvpn feature enabled, the advisory said. And it's a major vulnerability: Cisco noted that the flaw received a Common Vulnerability Scoring System (CVSS) score of 10 out of 10--the highest possible rating.

The flaw, originally reported by Cedric Halbronn from the NCC Group, could affect some 200,000 devices, according to a tweet from security researcher Kevin Beaumont. By sending specialized XML packets to a webvpn-configured interface, attackers can gain control of the system and reload an affected device, the advisory noted.

While Cisco originally tried to patch the flaw when it was reported, the firm determined that the original update was "incomplete" and had to later issue a new patch. At that time, though, Cisco wasn't aware of any malicious activity attempting to exploit the flaw.

Users can find a list of vulnerable Cisco products and steps for determining their product's risk here. There aren't any workarounds for the vulnerability--IT must patch if it wants to remain safe.
