Cisco announced a "critical" vulnerability of Cisco ASA OS and released patched OS for them at the same time. Hackers could make use of this vulnerability to gain control of your Cisco ASA.
 |
| The first fixed version of ASA OS to fix this problem. Screen captured on Cisco's web site. |
Vulnerable Products
Cisco ASA Software is affected by this vulnerability if the system is configured to terminate IKEv1 or IKEv2 VPN connections.
This includes the following:
- LAN-to-LAN IPsec VPN
- Remote access VPN using the IPsec VPN client
- Layer 2 Tunneling Protocol (L2TP)-over-IPsec VPN connections
- IKEv2 AnyConnect
Cisco ASA Software can be downloaded from the Software Center on Cisco.com by visitinghttp://www.cisco.com/cisco/software/navigator.html.
The full details about this vulnerability and patched OS is on Cisco's official web site:
Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability (CVE-2016-1287)
One more thing...
I have learned one lesson several years ago. Around 2003, I secretly installed a SQL server right in my house. I thought I was the only one who knew I have installed that SQL server, and I was the only one who knew my public IP address. I put that server at public Internet side so I can get back to it any time I want.
However, I was wrong. Within just 12 hours, hackers found and broke into my SQL server.
The key lesson I have learned is, if I tried again to put some hardware or software with vulnerability unfixed at public Internet, the survival time for it would be far less than 12 hours. Remember, it was only year 2003.
Go patch up your Cisco ASA OS ASAP!
No comments:
Post a Comment
Tip: you can also anonymously comment here.