Cisco PSIRT is aware of public exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability identified by Cisco bug ID CSCup36829 (registered customers only) and CVE ID CVE-2014-3393. This vulnerability was disclosed on the 8th of October 2014 in the Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software.
All customers that have customizations applied to their Clientless SSL VPN portal and regardless of the Cisco ASA Software release in use should review the security advisory and this blog post for additional remediation actions.
NOTE: The Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software should be used as the Single Source of Truth (SSoT) for all details of this vulnerability and for any revisions of information going forward. Read More »
Tags: ASA, psirt, security, SSL VPN, vulnerability
Cisco Live Orlando, June 23-27, 2013, is quickly approaching and registration is open. The Security track this year includes 72 breakout sessions, 74 hours of labs and seminars, and 3 Product Solution Overview sessions, accounting for about 15 percent of all the content delivered at Cisco Live. New for this year we will have several talks aimed at the network engineer in the role of a data analyst, helping them to better utilize and understand the data that comes from their networks (BRKSEC-2001, BRKSEC-2006, BRKSEC-2011, BRKSEC-2062, BRKSEC-3031, and BRKSEC-3062).
Read More »
Tags: byod, cisco live, Cisco Live 2013 Orlando, Cisco Live US, IPv6, Network Threat Defense, security, SSL VPN, threat defense, training
Following up on our Data Center launch on Sept. 12, there have been significant enhancements to Cisco AnyConnect Secure Mobility Solution, the industry recognized SSL/VPN solution. With a track record of leading the traditional VPN market, Cisco hit market milestones in the past with built-in features to the AnyConnect Secure Mobility Client, such as network access manager that offers administrators the ability to control which network end points are able to connect to and other built-in modules that enable web security either through the on-premises Cisco Web Security Appliance (WSA) or the cloud-based Cisco Cloud Web Security offering.
Now, with AnyConnect Secure Mobility Client 3.1, Cisco continues to help enterprise customers with their business transformation needs (ie-BYOD) securely. As long as ‘consumerization of IT’ continues to gain inroads into the corporate network, IT professionals will seek investments in tools that will help support their attitude change from mandate to choice. Having a mobile DNA has been a significant attribute for Cisco as AnyConnect continues to support one of the broadest OS (desktop and mobile) and browser portfolios in the market today.
Read More »
Tags: anyconnect, bring your own device, byod, secure mobility, SSL VPN, vpn