ct logo wslogan

i-medIT Blog

At i-medIT, we provide a comprehensive range of computer and technology solutions to small business owners and Ambulatory Health Care entities. We specialize in helping companies focus on their business by leveraging IT to serve their goals and objectives rather than being a distraction.
Customers come to us for managed services, healthcare IT, project management, IT consulting, HIPAA Compliance, PCI Compliance, server virtualization, and data backup. These core services help our customers run their own companies and take their business goals to the next level.

Cisco Bug Ranks as One of the Worst

Cisco Bug Ranks as One of the Worst

A new exploit is making the rounds in the security environment, and this time, it affects virtual private networks. According to Cisco, the flaw affects its Adaptive Security Appliance (ASA) tool, and it should be patched as quickly as possible. If you don’t do so, your organization could be subject to remote code exploitation as a result of this vulnerability.

Cisco has showcased that the VPN bug can essentially allow hackers to infiltrate their security devices using the ASA operating system. The vulnerability is found in the Secure Sockets Layer (SSL) and can, according to Cisco, “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” What does this mean in plain English? In theory, an attacker could take complete and total control over a system (a considerable threat for any organization, especially considering the ramifications from a physical security standpoint). This vulnerability is so dangerous that it has earned a 10-out-of-10 on the Common Vulnerability Score System, taking its place among the upper echelon of major vulnerabilities.

While the vulnerability is only allowed if WebVPN is enabled, it’s still a major threat that you don’t want to overlook. According to ZDNet, here are some of the devices that are affected by this vulnerability:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD).

At its time of discovery, the bug was not being exploited in the wild, but Cisco has been made aware of attempts to leverage of the vulnerability. Since the announcement, the vulnerability has been spotted in the wild, and the initial patch that Cisco implemented to combat this vulnerability proved to insufficient, as there were additional features and attack vectors that were not identified until later.

Cisco has released an updated patch for this vulnerability, so you need to implement it if you don’t want to take a needless risk, and endanger your network and data. It’s a good rule of thumb to never let known vulnerabilities linger too long, as you could be placing your business in harm’s way.

It’s incredibly important that your business be mindful of not just these vulnerabilities, but all vulnerabilities found in critical business software and hardware. This Cisco bug isn’t the first software vulnerability to be found, and it certainly won’t be the last. Hackers are always working to undermine the efforts of developers who are trying to keep their software as secure as possible. It’s up to you to ensure your organization isn’t exposing itself to threats by neglecting patches and security updates.

i-medIT can help your organization ensure that patches and updates are applied as needed. We can do this remotely in most cases, without the need for an on-site visit. It’s a great way to get more value out of your business’ technology without sacrificing security. To learn more about how you can make technology work for you, reach out to us at 630-549-6199.



No comments made yet. Be the first to submit a comment

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Google Hackers Business Computing Microsoft Cloud Backup Innovation Small Business Email Hardware Android Business Cybercrime Smartphones Efficiency Software Malware Network Security Data Backup Ransomware VoIP Windows Mobile Devices Data How To Browser Computers Productivity Mobile Device Management Business Management User Tips Cybersecurity Cloud Computing Internet Managed IT Services Social Engineering Business Continuity Chrome Phishing Data Breach Server Spam Automation Data Recovery Disaster Recovery Safety Data Security Communication Vulnerability Bring Your Own Device Operating System Social Media Gadgets App Upgrade Telephone Systems Smartphone Money Internet of Things Windows 10 Computer Law Enforcement Two-factor Authentication Outsourced IT Alert Collaboration Managed IT Services Redundancy Spam Blocking Avoiding Downtime Saving Money Comparison Network BYOD Physical Security Internet Exlporer Artificial Intelligence Data storage Private Cloud Google Drive Save Money Remote Monitoring Passwords Wi-Fi Public Cloud Business Intelligence Gmail Update Apps Communications Office 365 Miscellaneous CES The Internet of Things Virtualization Bandwidth Hosted Solutions BDR Router Data Storage Government Word IT Management Downtime OneNote IT Plan Windows 10 Recovery Unsupported Software Quick Tips VPN Data Protection Software Tips Amazon Hacking Electronic Medical Records Marketing Touchpad Business Mangement Managed Service Provider Charger Digital Signature Advertising Amazon Web Services webinar Sync Automobile Legal Recycling Windows 10s Computer Care Networking Encryption Meetings Specifications DDoS Online Shopping Conferencing Hiring/Firing Work/Life Balance Outlook eWaste Health Samsung Keyboard IBM Patch Management Accountants HBO Evernote Emails Telephony Microsoft Office Facebook Humor Criminal YouTube Solid State Drive Value Supercomputer Scam Hybrid Cloud Data loss Millennials Wireless Charging Skype Files Audit Budget Frequently Asked Questions PDF Screen Mirroring Workforce Cortana Office Start Menu Monitor Content Management History Computer Fan Google Docs Uninterrupted Power Supply Excel Going Green Cast Telecommuting Password Black Market Google Apps Relocation Netflix Tools Blockchain NarrowBand FENG Website Data Management Office Tips Current Events Tip of the week Remote Work Employer-Employee Relationship IT Support HIPAA User Error Wireless Technology Voice over Internet Protocol Identity Theft Cleaning Knowledge Windows Server 2008 HaaS Workers Sports Managed IT IT Services Human Resources Credit Cards Reputation Tech Support Network Congestion Windows 7 Robot Infrastructure Apple Settings Botnet Holiday Staff End of Support Multi-Factor Security Fraud Customer Shadow IT IT Consultant Flash Productivity Laptop Flexibility Password Manager iPhone Travel Big Data Internet exploMicrosoft Chromecast Root Cause Analysis Trending Worker Commute Mobility Remote Computing Risk Management Books Search Save Time Politics Emergency How to Thank You Best Practice Congratulations Employer Employee Relationship Experience Mobile Device Webinar Computer Accessories Music Video Games WiFi Loyalty Transportation Battery IT solutions Bluetooth Scalability SaaS Benefits Education Information Technology Content Workplace Tips Firewall Computing Infrastructure Techology Worker Audiobook Wearable Technology Instant Messaging Assessment Smart Technology Applications Rootkit Entertainment USB Television Two Factor Authentication Users Wireless IT Support Training Public Computer Troubleshooting CrashOverride Virtual Reality Vendor Management