Cisco Closes Multiple Holes

Friday, June 22, 2012 @ 02:06 PM gHale


Cisco issued warnings about multiple security vulnerabilities in its next-generation VPN client an attacker can exploit to inject and execute malicious code and a denial of service (DoS) hole in a series of security appliances.

In one warning, there are multiple security vulnerabilities in Cisco’s next-generation VPN client. Affected products include the AnyConnect Secure Mobility Client, along with Cisco Secure Desktop HostScan for Windows, Mac OS X and Linux. Click here for details on these, including which versions are vulnerable, workarounds and patch information.

RELATED STORIES
Networking Fixes from Cisco, Wireshark
USB Malware Heart of Investigation
Flame and SCADA Security
Finding, Stopping a Bot

In a separate advisory, Cisco said it addressed a DoS vulnerability in its ASA 5500 Series Adaptive Security Appliances (ASA) and Catalyst 6500 Series ASA Services Module (ASASM) that could have allowed a remote, unauthenticated attacker to trigger a restart on an affected device.

Additionally, the company closed a hole in its Cisco Application Control Engine (ACE) software: When running in multicontext mode, users could inadvertently log into an unintended context as the administrator, allowing them to view and change configurations.



Leave a Reply

You must be logged in to post a comment.