Cisco closes holes in its VPN client and security appliances
Network equipment manufacturer Cisco is warning its customers of multiple security vulnerabilities in its next-generation VPN client that can be exploited by an attacker to inject and execute malicious code. Affected products include the AnyConnect Secure Mobility Client, along with Cisco Secure Desktop HostScan for Windows, Mac OS X and Linux. Details on these, including which versions are vulnerable, workarounds and patch information, can be found in the company's security advisory.
In a separate advisory, Cisco says that it has addressed a Denial-of-Service (DoS) vulnerability in its ASA 5500 Series Adaptive Security Appliances (ASA) and Catalyst 6500 Series ASA Services Module (ASASM) that could have allowed a remote, unauthenticated attacker to trigger a restart on an affected device. Additionally, the company has closed a hole in its Cisco Application Control Engine (ACE) software: when running in multicontext mode, users could have been inadvertently logged into an unintended context as the administrator, allowing them to view and change configurations.