Cisco warns of continued exploitation of 10-year-old ASA bug
SC Magazine
Cisco on Dec. 2 updated an advisory from March 18 about a 10-year-old vulnerability in the WebVPN login page of Cisco’s Adaptive Security Appliance (ASA) software that could let an unauthenticated remote attacker conduct a cross-site scripting (XSS) attack.
Billy Hoffman, Field CTO at IONIX, added that most organizations are hardly able to keep up with new critical or high-severity issues and defer dealing with the avalanche of thousands of medium-severity CVEs that come out each year. Hoffman said that when you couple that with IT being conservative in making changes to core business systems like VPNs, it’s not surprising that there are companies running VPN endpoints with decade-old vulnerabilities.