As of Monday, 2/6/18, a follow-up patch for Cisco ASA software has been released and labeled as critical.

The last patch that Cisco issued out has been deemed incomplete and they are urging people to re-patch their Adaptive Security Appliance software again with the newest patch. After Cisco mandated their own probing, vulnerabilities were discovered that were not covered in the latest patch. According to Cisco, the following are a list of alerts that are placed in order of priority, with ASA at the top of the list under critical and a 10 out of 10 on the Common Vulnerability Scoring System.

This patch covers critical XML parser and Firepower Threat Defense software vulnerabilities that got missed in the lastest update. Neglecting the most recent patch can give hackers access to execute system takeovers, and halt authentication requests. More detailed information on the vulnerabilities and affected products is available on the Cisco site, as well as instructions on how to determine system vulnerability and work around.

 

References:

https://www.techrepublic.com/article/if-your-businesses-uses-a-cisco-vpn-patch-it-now-to-avoid-critical-flaw/?ftag=TREa988f1c&bhid=27733029506249943860869485574155

https://www.cyberscoop.com/cisco-asa-vulnerability-worse-than-thought/

https://www.techrepublic.com/article/cisco-it-must-patch-asa-vpn-bug-again-first-fix-was-incomplete/?ftag=TRE684d531&bhid=27733029506249943860869485574155

http://www.zdnet.com/article/cisco-you-need-to-patch-our-security-devices-again-for-dangerous-asa-vpn-bug/