H Security – (International) Cisco closes holes in its VPN client and security appliances. Network equipment manufacturer Cisco warned its customers of multiple security vulnerabilities in its next-generation VPN client that can be exploited by an attacker to inject and execute malicious code. Affected products include the AnyConnect Secure Mobility Client, along with Cisco Secure Desktop HostScan for Windows, Mac OS X, a nd Linux. Details on these, including which versions are vulnerable, workarounds, and patch information, can be found in the company’s security advisory. In a separate advisory, Cisco said it addressed a denial-of-service vulnerability in its ASA 5500 Series Adaptive Security Appliances (ASA) and Catalyst 6500 Series ASA Services Module that could allow a remote, unauthenticated attacker to trigger a restart on an affected device. Additionally, the firm closed a hole in its Cisco Application Control Engine software: When running in multicontext mode, users could inadvertently log into an unintended context as the administrator, allowing them to view and change configurations.
Ali Loney, on June 21, 2012