Cisco ASA Vulnerability – Patch Now!

640px-Standard-lock-keyOn February 10th, Cisco Systems patched a serious vulnerability (a buffer overflow exploit) in their Cisco ASA Software, used in firewalls, routers and other security appliances. This threat could allow a remote, unauthenticated attacker to gain complete control of a targeted system.

With over a million devices in use on the Internet, it’s only a matter of time before nefarious organizations move to take advantage of this opportunity. Although Cisco reports no cases of “malicious use” of this vulnerability in the wild, the Internet Storm Center has noted a large increase in UDP traffic on the port considered most likely to be attacked, and we urge any and all customers of that use Cisco ASA devices to update their firmware immediately.

Instructions on how to download the software update to correct this issue can be obtained directly from Cisco here.

A detailed technical report has also been released by security researchers from Exodus Intelligence (the discoverers of the exploit).

Image: Evan Amos