Cisco vulnerability already being exploited

The Australian Cyber Security Centre (ACSC) has urged organisations using vulnerable Cisco devices to patch as soon as possible, after it was revealed that a recently-discovered critical vulnerability in the company's Adaptive Security Appliance (ASA) is being exploited by hackers.

Cisco last week revealed that the company’s Product Security Incident Response Team (PSIRT) is aware of “attempted malicious use of the vulnerability” it had disclosed in the previous week.

The vulnerability involves a bug in the XML parser of Cisco’s ASA that could allow remote attackers to cause a reload of an affected system or remotely execute code using a specifically crafted XLM packet. This could be exploited to gain full control of affected systems.

The flaw could also result in the ASA stopping processing incoming virtual private network (VPN) authentication requests due to low memory, Cisco warned.

Cisco has already released software updates to address the vulnerability and has updated the fixes after discovering the potential additional attack vectors as well as deficiencies in the original patches.

“Currently the proof-of-concept code only results in a denial-of-service condition. It is likely that this will develop into code that can achieve remote code execution,” the ACSC said in its own advisory.

“Cisco has already identified ‘attempted malicious use of the vulnerability’ in the wild although it is unknown whether this refers to witnessing remote code execution or a denial-of-service condition. The ACSC recommends that organisations with affected devices patch as soon as possible.”

Image credit: ©stock.adobe.com/au/Leo Lintang

Follow us and share on Twitter and Facebook