If you use Cisco’s popular firewall management software, you need to stop what you’re doing and patch it right now. The company just issued a fix for a critical security flaw so severe that it earned the highest possible risk rating: a perfect 10.0.
The vulnerability affects Cisco’s Secure Firewall Management Center (FMC) software and could give a hacker complete control over a company’s entire network. The flaw is in the way the software handles a common authentication system called RADIUS. Because the software doesn’t properly check the information a user enters, an attacker can send specially crafted login credentials that are then executed as powerful commands on the system.
What makes this a true security nightmare is that an attacker doesn’t need any prior access or even a valid password to exploit the flaw. They can do it from the outside, giving them a direct path to taking over the firewall. Once they’re in control of that, they can do whatever they want to the rest of the network.
The good news is that no known attacks are using this vulnerability in the wild yet. But now that the details are public, it’s only a matter of time before hackers start trying to exploit it.
Cisco is urging all customers to apply the patch immediately. There are no workarounds for this vulnerability. The only way to protect yourself is to install the update.
