The vulnerability is due to bad handling of LDAP responses when the latter is being used for External Authentication. The bad actor can run the exploit by creating a crafted HTTP requests effectively bypassing authentication and getting administrative privileged access to the Web GUI.
As you probably know the Equifax (one of the three big credit bureaus in North America and UK) announced it was breached (discovered unauthorized access) on the 29th of July. So far, the predictions are that this leak of sensitive personal data impacts over 143 Million American, Canadian and British citizens.
Cisco currently has multiple endpoint security solutions in place – CWS (Cloud Web Security / Scansafe), Umbrella (OpenDNS) and AMP for endpoints are prime examples. AMP is a different breed of endpoint protection, it relies heavily on detection based on heuristics and cloud sandboxing, where as CWS and OpenDNS both concentrate very strongly on making sure your Internet browsing is secure and save.
Virtual Private Networks constitute a hot topic in networking because they provide low cost and secure communications between sites (site-to-site VPNs) whilst improving productivity by extending corporate networks to remote users (remote access VPNs). Naturally the VPN technology is widely deployed on all internet edge devices and most ASAs.
Cisco has finally decided to merge its two major network security products – the ASA and FirePOWER. These two have been living on the same hardware (5500X) model for years now but they required separate management which increased the deployment and operational costs for a Cisco FirePOWER implementation.
We are experiencing a new phase in our vision of network security. There is currently no quick fix solution, no 100% proof network security protection/prevention tool or product.
There is not a single industry anywhere in the world who are immune from the threat of some form of cyber-attack.
