Go back to All News & Events

Cisco warns of continued exploitation of 10-year-old ASA bug

Fara Hain
December 5th, 2024

SC Magazine

Cisco on Dec. 2 updated an advisory from March 18 about a 10-year-old vulnerability in the WebVPN login page of Cisco’s Adaptive Security Appliance (ASA) software that could let an unauthenticated remote attacker conduct a cross-site scripting (XSS) attack.

Billy Hoffman, Field CTO at IONIX, added that most organizations are hardly able to keep up with new critical or high-severity issues and defer dealing with the avalanche of thousands of medium-severity CVEs that come out each year. Hoffman said couple that with IT being conservative in making changes to core business systems like VPNs, it’s not surprising that there are companies running VPN endpoints with decade old vulnerabilities.

Read more…

REQUEST A THREAT EXPOSURE REPORT TODAY

Discover the full extent of your online exposure so you can protect it.