Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Cisco Bug Ranks as One of the Worst

Cisco Bug Ranks as One of the Worst

A new exploit is making the rounds in the security environment, and this time, it affects virtual private networks. According to Cisco, the flaw affects its Adaptive Security Appliance (ASA) tool, and it should be patched as quickly as possible. If you don’t do so, your organization could be subject to remote code exploitation as a result of this vulnerability.

Cisco has showcased that the VPN bug can essentially allow hackers to infiltrate their security devices using the ASA operating system. The vulnerability is found in the Secure Sockets Layer (SSL) and can, according to Cisco, “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” What does this mean in plain English? In theory, an attacker could take complete and total control over a system (a considerable threat for any organization, especially considering the ramifications from a physical security standpoint). This vulnerability is so dangerous that it has earned a 10-out-of-10 on the Common Vulnerability Score System, taking its place among the upper echelon of major vulnerabilities.

While the vulnerability is only allowed if WebVPN is enabled, it’s still a major threat that you don’t want to overlook. According to ZDNet, here are some of the devices that are affected by this vulnerability:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD).

At its time of discovery, the bug was not being exploited in the wild, but Cisco has been made aware of attempts to leverage of the vulnerability. Since the announcement, the vulnerability has been spotted in the wild, and the initial patch that Cisco implemented to combat this vulnerability proved to insufficient, as there were additional features and attack vectors that were not identified until later.

Cisco has released an updated patch for this vulnerability, so you need to implement it if you don’t want to take a needless risk, and endanger your network and data. It’s a good rule of thumb to never let known vulnerabilities linger too long, as you could be placing your business in harm’s way.

It’s incredibly important that your business be mindful of not just these vulnerabilities, but all vulnerabilities found in critical business software and hardware. This Cisco bug isn’t the first software vulnerability to be found, and it certainly won’t be the last. Hackers are always working to undermine the efforts of developers who are trying to keep their software as secure as possible. It’s up to you to ensure your organization isn’t exposing itself to threats by neglecting patches and security updates.

Total Tech Care can help your organization ensure that patches and updates are applied as needed. We can do this remotely in most cases, without the need for an on-site visit. It’s a great way to get more value out of your business’ technology without sacrificing security. To learn more about how you can make technology work for you, reach out to us at 866-348-2602.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 25 December 2024
If you'd like to register, please fill in the username, password and name fields.

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Software Efficiency Network Security Business Google Internet Microsoft Email Malware Backup Workplace Tips Innovation User Tips Data Computer Mobile Devices IT Services Hardware Android VoIP Disaster Recovery communications IT Support Smartphones Business Continuity Communication Miscellaneous Smartphone Mobile Device Browser Small Business Network Productivity Collaboration Cybersecurity Quick Tips Users Business Management Windows Managed IT Services Upgrade Phishing Data Backup Outsourced IT Ransomware Windows 10 Save Money Cloud Computing Data Recovery Office Server Passwords Windows 10 Gadgets Chrome Virtualization Saving Money Holiday Social Media Tech Term Microsoft Office Automation Managed Service Managed IT Services Cybercrime Operating System Artificial Intelligence Computers Facebook Internet of Things Health Hacking Wi-Fi BYOD Mobile Device Management Networking IT Support Managed Service Provider Alert Covid-19 Spam Office 365 Telephone Systems Information Information Technology Remote Social Engineering Mobility Bandwidth Router Employer-Employee Relationship BDR Recovery Human Resources Big Data Remote Monitoring Password Money Data Breach Mobile Computing Encryption App Application History Applications Law Enforcement Private Cloud Data Storage Remote Computing Patch Management Managed IT Mobile Office Apps Blockchain Paperless Office Office Tips Training How To Government VPN Two-factor Authentication Vulnerability Mouse Bring Your Own Device Windows 7 HaaS Word Data Management Work/Life Balance Flexibility Marketing WiFi Servers IT solutions Entertainment Website Budget Google Drive Wireless Data Security Gmail Infrastructure Voice over Internet Protocol Avoiding Downtime Settings Virtual Reality Save Time Apple Vendor Conferencing Data Protection Managed Services Display Social Scam Cleaning User Error Meetings Employee/Employer Relationship RMM Vendor Management End of Support Physical Security Risk Management Education Software as a Service Hacker Telephone System Staff USB Safety Machine Learning HIPAA Sports Connectivity Remote Work The Internet of Things Redundancy Lithium-ion battery Keyboard Firewall Fraud Hiring/Firing Document Management Solid State Drive Remote Worker Wireless Technology SaaS Downtime Managed Services Provider How to Cryptocurrency Database Data storage Network Congestion Automobile Virus Remote Workers Business Intelligence eWaste Comparison Unified Threat Management Processor Audit Worker Computing Infrastructure Computer Accessories IT Management CES Going Green Botnet Hard Drive Business Technology IT Plan Wearable Technology Content Management Access Control Retail Hard Drives Instant Messaging Battery Robot Excel Virtual Assistant Printer Shadow IT Computing Unsupported Software Authentication Bluetooth Legal Charger Biometrics Virtual Desktop Internet Exlporer Compliance OneNote Computer Care Current Events Update PDF DDoS Digital Signage Telephony IT Consultant SharePoint Samsung Google Docs Proactive IT Identity Theft Humor Best Practice Procurement Value Customer Service Workplace Strategy YouTube Net Neutrality Spam Blocking Electronic Medical Records Environment Black Market Help Desk Fax Server Augmented Reality Printing Video Conferencing Mobile Twitter ROI Windows 10s IT service Search Search Engine Best Available iPhone Sales NIST Bitcoin Cast Business Mangement Shortcuts Cryptomining webinar Trending Emergency Tablet WIndows 7 Point of Sale Personal Tip of the week Smart Tech Supply Chain Management Professional Services Addiction Public Cloud Domains Amazon Employer Employee Relationship Files Monitoring Batteries Recycling Assessment Maintenance Windows 8.1 Wiring Chromecast Digitize Windows Server 2008 IaaS Practices Tools Cache Windows Server 2008 R2 Amazon Web Services Bloatware Colocation Customer relationships Safe Mode Uninterrupted Power Supply Criminal Television Manufacturing Tablets User Email Best Practices GDPR PowerPoint IT Assessment Hosted Computing Windows Media Player Monitor Wireless Internet Online Shopping Entrepreneur Computer Tips File Sharing Managed IT Service Security Cameras Public Computer Inventory Biometric Security Shortcut Specifications Transportation Managing Stress Virtual CIO Camera OneDrive Regulations Reputation Peripheral Wire Streaming Media Computer Fan Evernote Rootkit Cost Management Travel Content Digital Security Cameras Cameras Tech Support Using Data Social Networking 5G Workers Millennials Benefits Techology Printers Laptop Copiers Customers Quick Tip Smart Office FENG Wireless Charging Audiobook Ergonomics Running Cable Smartwatch IBM OLED Workforce Smart Technology Memory Virtual Private Network Touchpad Development Flash PCI DSS Virtual Machine Cables Politics Advertising 2FA Printer Server Fiber Optics Software Tips Employee Supercomputer Sync Nanotechnology Cabling Emails Telecommuting Project Management Messaging Policy Notifications Hypervisor Cortana Science Dark mode Trend Micro Digital Signature Default App Netflix Two Factor Authentication Warranty SMS Relocation Procedure HVAC Saving Time Root Cause Analysis Google Apps Knowledge Customer Relationship Management Music dark theme Shopping HBO Distributed Denial of Service Analysis Google Search Skype Devices IT Infrastructure Analyitcs Video Games Administrator AI FinTech Enterprise Content Management Data loss Bing Programming Worker Commute Leadership Experience Troubleshooting MSP Social Network Outlook Accountants Start Menu Thought Leadership Investment Credit Cards Scalability Microchip Consultant Employees Password Management Employee/Employer Relationships Screen Mirroring Antivirus Password Manager Loyalty Business Owner Multi-Factor Security Books Windows 8 Windows 365 Analytics NarrowBand Frequently Asked Questions ISP

      Top Blog

      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      QR-Code