Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London.
The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
The vulnerability affects any device that terminates SSL traffic.
This vulnerability only affects traffic destined to the affected device, not traffic passing through the device.
The following Cisco products are affected by this critical vulnerability: To determine if your ASA device is vulnerable, clients can utilize the following command: “show asp table socket” Clients should look for an SSL or DTLS listen socket on any TCP port. Clients can also utilize the following command to determine if IKE V2 is enabled: “show run crypto ikev2 | grep enable” If “crypto ikev2 enable” is present in the devices running configuration, and “anyconnect enable” is part of the global webvpn configuraton, the ASA device is vulnerable.
To identify which version of the ASA software your device(s) is currently running, use the following command: “show version | include Version To identify which Fire Power Threat Defense (FTD) version your device(s)is currently running, use the following command: “show version” Cisco has provided the table below to assist organizations in determining if their device’s configurations are vulnerable to the issues described in CVE-2018-010.
, 2018 Cisco updated an existing vulnerability advisory for CVE-2018-010 due to newly discovered attack vectors and because the original software fix was identified to be incomplete.
The vulnerability, CVE-2018-010, is a critical Remote Code Execution and Denial of Service vulnerability in the Cisco ASA and Cisco Next-General firewall platforms with a CVSS score of 10.0, the highest possible score.
Security firms and IT giants are analyzing the huge archive leaked by the Shadow Brokers crew after the hack of the NSA-linked Equation Group.
We reported that some of the exploits included in the archive are effective against CISCO, Fortinet, and Juniper network appliance.
The CVE-2016-6366 flaw affects Cisco’s ASA appliances, both firewalls and routers, Firepower products, Firewall Services Modules, industrial security appliances, and PIX firewalls.