Cisco ASA SSL VPN Vulnerability

Cisco has released patches for platforms running their ASA software to address a severe SSL VPN vulnerability. This vulnerability would allow an attacker to run arbitrary code or reset the affected device. This vulnerability has a CVSS score of 10, indicating the highest severity for a vulnerability.

The only mitigation options at this time are to apply the patch or disable the webvpn function.

Affected platforms:

3000 Series Industrial Security Appliance (ISA) ASA 5500 Series Adaptive Security Appliances ASA 5500-X Series Next-Generation Firewalls ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers ASA 1000V Cloud Firewall Adaptive Security Virtual Appliance (ASAv) Firepower 2100 Series Security Appliance Firepower 4110 Security Appliance Firepower 9300 ASA Security Module Firepower Threat Defense Software (FTD)

All supported software releases have patches available. Those that are running software releases that have reached End of Software Maintenance should upgrade to a supported release as soon as possible.