Update: Tuesday, February 20
If you are concerned that your Cisco firewall may still be vulnerable, please contact your Account Manager or email email@example.com.
Original Post: Tuesday, January 30
On January 29, 2018, Cisco announced that a vulnerability, CVE-2018-0101, has been discovered in the SSL VPN functionality of their security appliance, the ASA firewall. Cisco also released a software update to resolve this vulnerability at the same time.
This affects all but the latest versions of code in each ASA firmware train. It is a serious vulnerability and could result in allowing an attacker to remotely execute malicious code or to cause repeated reboots of the affected firewall.
The vulnerability response team at SE has met and is preparing plans to apply the software update to our SE EventWatch, SE Essentials, SE Secure, and SE Critical Care clients, covering their affected firewalls. If a more critical and timely response is needed, we recommend your Web VPN feature on the ASA be shut off until the device is properly patched by our team at SE.