NCSC Cyber Security Advisory CSA-2018-31

Critical Cisco ASA Remote Code Execution

Cisco has released a security update to address a critical vulnerability (CVE-2018-0101) in its Adaptive Security Appliance software. Cisco devices running vulnerable versions of the ASA software with the WebVPN feature enabled are affected. Exploitation of this vulnerability could allow a remote attacker to take control of affected systems, or perform Denial of Service against affected systems. The National Cyber Security Centre (NCSC) recommends network owners and administrators review the Cisco Security Advisory, consider if the vulnerability poses a risk to your network, and apply the update or disable the WebVPN feature if deemed necessary.

Cisco Advisory: