SoylentNews is people

posted by Fnord666 on Monday February 12 2018, @07:29PM
from the patch-day-is-every-day dept.

Submitted via IRC for Bytram

Hackers are actively trying to exploit a high-severity vulnerability in widely used Cisco networking software that can give complete control over protected networks and access to all traffic passing over them, the company has warned.

When Cisco officials disclosed the bug last week in a range of Adaptive Security Appliance products, they said they had no evidence anyone was actively exploiting it. Earlier this week, the officials updated their advisory to indicate that was no longer the case.

"The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory," the officials wrote. "Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory."

The update didn't say how widespread the attacks are, whether any of them are succeeding, or who is carrying them out. On Twitter on Thursday, Craig Williams, a Cisco researcher and director of outreach for Cisco's Talos security team, wrote of the vulnerability: "This is not a drill..Patch immediately. Exploitation, albeit lame DoS so far, has been observed in the field."

Source: https://arstechnica.com/information-technology/2018/02/that-mega-vulnerability-cisco-dropped-is-now-under-exploit/


  • (Score: 3, Interesting) by NotSanguine (285) on Tuesday February 13 2018, @12:44AM (#636909)

    I've personally endorsed IPSec clients over anything SSL related... SSL is far more vulnerable to examination and man-in-the-middle stuff than anything else. Obviously SSL has its merits; I just don't think it's a good solution for everyone to use for VPNs... I think it is good for only the devices that can't do anything better, but it's ended up as a promoted solution because it's so easy to do--and https certs can be compromised way more easily than strong ipsec encryption...

    IPSec VPNs can be harder to set up and maintain, and Cisco knows it -- it is not so easy to set up something from scratch on their hardware if you have not done it before--even with the manual open in front of you. But their gui wizardry does a pretty good job--but it really makes it easy for people if they choose the SSL options for VPN connectivity.

    I agree. IPsec over IPv4 (or even better, IPv6) is not only (when properly configured) more secure, it's also much less resource intensive.

    As someone who's implemented and managed Cisco security gear (including their ASA products) at a variety of organizations big and small, the biggest issue is that most home firewalls (and in corporate environments, hotels and other public venues) block the required protocols/ports by default. SSL-based VPN (tcp/443) is allowed through pretty much everywhere.

    There have been a few products that used SSL-based VPN connections that were actually not too bad in terms of usability and feature sets. However, Cisco's AnyConnect and clientless VPN offerings are really crappy. They're buggy, slow and difficult to manage.

    As the person implementing and managing this stuff, I always pressed for transport (on mobile devices) and tunnel (on devices at static locations) mode IPSec connectivity. That works pretty well and is much easier to manage.

    However, when a VP/partner/other exec is traveling and is at an airport, hotel or other insecure location and wants to gain access to the corporate network, UDP/500 and protocols 50 and 51 are invariably blocked. In that scenario, one needs to have something SSL based already available to users, or an updated resume.

    SSL VPNs can be quite useful in a variety of use cases. Cisco just does theirs poorly.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr