Cybersecurity Alert: Critical Cisco ASA VPN Vulnerability

February 12, 2016

Threat Summary

On February 10, 2016, Cisco® released a critical security advisory announcing a vulnerability in Cisco Adaptive Security Appliance (ASA) firewalls configured as virtual private network (VPN) servers that could allow an unauthenticated, remote attacker to execute code and obtain full control of the system or to cause a reload of the affected system. This vulnerability affects almost all firms using Cisco firewalls. Cisco has released software updates that address this vulnerability. For complete details, see the Cisco security advisory.

Affected Products

This vulnerability affects almost all firms using Cisco firewalls. This vulnerability may affect Cisco ASA software running on the following products:

  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Cisco ASA 1000V Cloud Firewall
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco Firepower 9300 ASA Security Module
  • Cisco ISA 3000 Industrial Security Appliance

For further details on vulnerable products, see the Cisco security advisory.

ACA Aponix Recommendation

Cisco has released software updates that address this vulnerability. ACA Aponix recommends updating any affected products to the most recent software versions as soon as possible. See the Cisco security advisory for more information on fixed Cisco ASA software versions.

Please reach out to us if you have any questions: info@acaaponix.com