Monkey34
Supreme [H]ardness
- Joined
- Apr 11, 2003
- Messages
- 5,140
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Cisco VPN vulnerability....bug worse than originally thought
- Thread starter Monkey34
- Start date
Monkey34
Supreme [H]ardness
- Joined
- Apr 11, 2003
- Messages
- 5,140
FYI:
1. The exploit has now been seen in use in the field.
2. The vulnerability is even worse than originally thought.....and there are NEW patches out to replace the ones they first released.
Once exploited, the devices allow remote hackers to seize administrative control of networks and to monitor all traffic that passes through them.
https://arstechnica.com/information...erability-cisco-dropped-is-now-under-exploit/
1. The exploit has now been seen in use in the field.
2. The vulnerability is even worse than originally thought.....and there are NEW patches out to replace the ones they first released.
Once exploited, the devices allow remote hackers to seize administrative control of networks and to monitor all traffic that passes through them.
https://arstechnica.com/information...erability-cisco-dropped-is-now-under-exploit/
heman22union
n00b
- Joined
- Nov 6, 2013
- Messages
- 40
Do you have an affected device? Have you tried any of the attacks against them yet? Do you know of a website that has details on how to execute the attack? Does the newest patch actually fix the problem? I'm looking to try it on my hardware so I can test it myself to make sure I'm protected. I have taken my ASA offline until I have enough time to work on it.
Monkey34
Supreme [H]ardness
- Joined
- Apr 11, 2003
- Messages
- 5,140
No, I don't have an affected device. Just passing along info to fellow [H]'s.
heman22union contact Cisco support directly. They are giving out the patch even if you do not have smartnet (paid support) on your the hardware. Keep in mind this only affects ASA firewalls with the webvpn service turned on and enabled on an interface