Cisco Patches Critical Vulnerability in Security Appliances

Cisco is warning of a critical vulnerability in its ASA 5500 Series Adaptive Security Appliances that could be exploited to execute arbitrary code.

“The problem is located in a Cisco port forwarding ActiveX control — distributed to client systems by ASA as part of the Clientless VPN feature — that can be used to cause a buffer overflow,” The H Security reports. “For an attack to be successful, a victim must first visit a specially crafted web page in Internet Explorer or another web browser that supports ActiveX technologies.”

“The company has released software updates that address the issue; for those who can’t yet upgrade, workarounds are provided in the Cisco security advisory,” the article states.

Go to “Cisco closes holes in its Security Appliances” to read the details.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s