Cisco vulnerability already being exploited


By Dylan Bushell-Embling
Monday, 12 February, 2018

Cisco vulnerability already being exploited

The Australian Cyber Security Centre (ACSC) has urged organisations using vulnerable Cisco devices to patch as soon as possible, after it was revealed that a recently-discovered critical vulnerability in the company's Adaptive Security Appliance (ASA) is being exploited by hackers.

Cisco last week revealed that the company’s Product Security Incident Response Team (PSIRT) is aware of “attempted malicious use of the vulnerability” it had disclosed in the previous week.

The vulnerability involves a bug in the XML parser of Cisco’s ASA that could allow remote attackers to cause a reload of an affected system or remotely execute code using a specifically crafted XLM packet. This could be exploited to gain full control of affected systems.

The flaw could also result in the ASA stopping processing incoming virtual private network (VPN) authentication requests due to low memory, Cisco warned.

Cisco has already released software updates to address the vulnerability and has updated the fixes after discovering the potential additional attack vectors as well as deficiencies in the original patches.

“Currently the proof-of-concept code only results in a denial-of-service condition. It is likely that this will develop into code that can achieve remote code execution,” the ACSC said in its own advisory.

“Cisco has already identified ‘attempted malicious use of the vulnerability’ in the wild although it is unknown whether this refers to witnessing remote code execution or a denial-of-service condition. The ACSC recommends that organisations with affected devices patch as soon as possible.”

Image credit: ©stock.adobe.com/au/Leo Lintang

Follow us and share on Twitter and Facebook

Related News

Digital trust leaders outperform their peers: research

Companies categorised as leaders in implementing digital trust strategies are reaping the...

IT decision-makers believe AI is key to protect against cyber threats: report

According to reseach, 40% of Australian IT decision-makers believe the use of AI will help them...

New Relic upgrades app security testing suite

The New Relic Interactive Application Security Testing solution has been upgraded with new...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd