"The problem is located in a Cisco port forwarding ActiveX control -- distributed to client systems by ASA as part of the Clientless VPN feature -- that can be used to cause a buffer overflow," The H Security reports. "For an attack to be successful, a victim must first visit a specially crafted web page in Internet Explorer or another web browser that supports ActiveX technologies."
"The company has released software updates that address the issue; for those who can't yet upgrade, workarounds are provided in the Cisco security advisory," the article states.
Go to "Cisco closes holes in its Security Appliances" to read the details.https://o1.qnsr.com/log/p.gif?;n=203;c=204660770;s=9477;x=7936;f=201812281321530;u=j;z=TIMESTAMP;a=20396194;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.