A vulnerability in the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to access sensitive data, including the ASA Software version that is currently running on the appliance.

The vulnerability occurs because the Cisco ASA does not sufficiently protect sensitive data during a Cisco AnyConnect client authentication attempt. An attacker could exploit the vulnerability by attempting to authenticate to the Cisco ASA with AnyConnect.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa

Leave a Reply