Cisco Security Advisory – 2021 June 4th

In Cyber Security by Matsco Engineering Team


Cisco released a security advisory for a vulnerability in the Lasso Security Assertion Markup Language (SAML) Single Sign-On (SSO) library reported on June 1, 2021. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application.

Cisco is investigating its product line to determine which products may be affected by this vulnerability and the impact on each affected product. Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available.

For more information please see:
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021

The following list shows the Cisco products that are affected by this vulnerability:


  • Cisco Adaptive Security Appliance (ASA) Software. Affected features: Clientless WebVPN and AnyConnect VPN (only when SSO is enabled)
  • Cisco Content Security Management Appliance (SMA). Affected feature: Web-based management interface (only when SSO is enabled)
  • Cisco Email Security Appliance (ESA). Affected feature: Web-based management interface (only when SSO is enabled)
  • Cisco FXOS Software
  • Cisco Web Security Appliance (WSA)
  • Cisco Firepower Threat Defense (FTD) Software. Affected feature: AnyConnect VPN

 

Matsco is currently reviewing and monitoring the update to be released by system manufacturers and will arrange the patching accordingly for our maintenance contract clients.

Please contact the Matsco Solutions team using the details below if you would like any further information or would like to schedule maintenance.

support@matscosolutions.com

Beijing  +86 400 120 2782
Hong Kong  +852 8101 8418
London   +44 (0)20 7821 4950
New York  +1 866 446 9226
Singapore  +65 6100 1090
