Cisco Patches Critical Vulnerability in Security Appliances


Cisco is warning of a critical vulnerability in its ASA 5500 Series Adaptive Security Appliances that could be exploited to execute arbitrary code.

"The problem is located in a Cisco port forwarding ActiveX control -- distributed to client systems by ASA as part of the Clientless VPN feature -- that can be used to cause a buffer overflow," The H Security reports. "For an attack to be successful, a victim must first visit a specially crafted web page in Internet Explorer or another web browser that supports ActiveX technologies."

"The company has released software updates that address the issue; for those who can't yet upgrade, workarounds are provided in the Cisco security advisory," the article states.

Go to "Cisco closes holes in its Security Appliances" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.