Cisco has warned customers using its Adaptive Security Appliance (ASA) software to patch a dangerous VPN bug that a researcher will be revealing how to exploit this weekend.

Cisco’s ASA operating system for its network security devices has a severe double-free vulnerability in the Secure Sockets Layer VPN feature that it warns “could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code”.

A successful attack using multiple, specially crafted XML packets would allow an attacker to take “full control of the system”, according to Cisco’s advisory…

Leave a Reply