Cisco VPN Has a Major Security Bug With No Fix for It

Cisco has announced that its VPN is currently experiencing a major security flaw, and there's no fix yet.

Your latest attempt to be secure online may have done the opposite, as Cisco revealed that its VPN software currently has a major security flaw. And to make matters worse, there is still no fix to the problem yet.

The online world has become a veritable wild west of security problems. From ransomware to phishing scams, keeping yourself safe online has gone from peace of mind exercise to necessary precaution, especially during 2020’s pandemic.

VPNs are ideally supposed to add a bit of security to your hectic online life, but tragically, as the Cisco VPN has shown us, that’s not always the case.

Cisco Reveals Security Flaw in VPN

At the end of last week, Cisco announced that there was a zero-day vulnerability in its AnyConnect Secure Mobility Client software. The vulnerability comes with a proof-of-concept exploit code that is publicly available online. For the layman, this security flaw would allow a hacker to implant malicious code on all AnyConnect users’ devices on Windows, Mac, and Linux. And the worst part is that Cisco doesn’t have a fix for the flaw yet.

However, it’s not all gloom, as the vulnerability likely isn’t affecting that many people. For one, the bug is not a mobile threat, as devices running iOS and Android are both entirely safe from the problem. Plus, users must actively be in an AnyConnection session to be vulnerable, so the timetable is much smaller than the average breach.

Also, according to Cisco, the bug requires the Auto-Update and Enable Scripting settings to be enabled, one of which is disabled by default. However, if you do have both enabled, you could be in for some trouble, given that Cisco doesn’t have a specific solution to the problem just yet.

What Can Cisco Customers Do?

Right now, there’s tragically not a lot you can do from a solution standpoint, but there are workarounds that can help you stay safe for the time being. Rather than try to explain it ourselves, we’ll let the proprietors of this technology give you the details on how to mitigate the damage from this security flaw:

“A mitigation for this vulnerability is to disable the Auto Update feature. Additional details can be found in the Disabling AnyConnect Auto Update section of the Cisco AnyConnect Secure Mobility Client Administrator Guide,” the Cisco Security Advisory explains. “If the Auto Update feature cannot be disabled, disabling the Enable Scripting configuration setting would reduce the attack surface.”

Fortunately, Cisco has told users that a solution is on the way, and it will be provided in the form of a completely free software update. Still, no timeline has been set for that update, so it would be best to take matters into your own hands for the time being.

Alternative VPN Providers

The VPN market is a big one, with plenty of great options available. If this experience with Cisco has turned you off from its VPN, or if this news has got you thinking about how much you need a VPN, you’re in luck!

Tech.co has done a lot of research to help discover which VPNs are the best so you don’t have to. Whether you’re trying to torrent, protect your activity, or just stream Netflix from a different country, take a look at this table of other VPN providers to get a good idea of what you can find on the market today.

0 out of 0
Price From
Lowest price for single month subscription to cheapest paid tier. Other plans are available.
Verdict
No. of Devices
Zero Data Logging
Kill Switch
Email Support
Live Chat
Free Trial
Try
Click to find the latest offers, deals and discounts from the VPN provider

$2.99/month
Up to 74% off!

$2.99/month

$2.03/month

$9.99/month

$3.00/month min. ($1 per location)

~$4.87 per month

$2.19/month

$8.32/month

Super fast and easy to use, NordVPN is among the best we’ve tested. Advanced features like Onion-Over-VPN make it stand out from the crowd.

A fast VPN that performed well on our speed tests, and also owns a lot of its own server infrastructure.

A safe, easy-to-use and relatively robust VPN app that performed really well on our 2024 unblocking tests.

Affordably priced ultra-secure VPN that has great privacy features but is a little slow.

A reliable, widely-used VPN that has decent privacy controls, but it performed very poorly on our speed tests.

A decently-priced VPN that does all the basics well, but has an incredibly small server network compared to PureVPN and Co.

A decent option for seasoned torrenters, but a little pricier than PureVPN and Private Internet Access.

A user-friendly VPN based in Romania with servers optimized for streaming, but no obfuscation technology.

A highly reliable VPN with servers in more than 100 countries – but it comes with one of the heftiest price tags on the market.

6

Unlimited

10

Unlimited

8-12

Unlimited

10

7

5

30-day money-back guarantee

Yes (iOS and Android)

7 days

30-day money-back guarantee

See Deals See Deals See Deals See Deals See Deals See Deals See Deals See Deals See Deals
About our links

If you click on, sign up to a service through, or make a purchase through the links on our site, or use our quotes tool to receive custom pricing for your business needs, we may earn a referral fee from the supplier(s) of the technology you’re interested in. This helps Tech.co to provide free information and reviews, and carries no additional cost to you. Most importantly, it doesn’t affect our editorial impartiality. Ratings and rankings on Tech.co cannot be bought. Our reviews are based on objective research analysis. Rare exceptions to this will be marked clearly as a ‘sponsored’ table column, or explained by a full advertising disclosure on the page, in place of this one. Click to return to top of page

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Conor is the Lead Writer for Tech.co. For the last six years, he’s covered everything from tech news and product reviews to digital marketing trends and business tech innovations. He's written guest posts for the likes of Forbes, Chase, WeWork, and many others, covering tech trends, business resources, and everything in between. He's also participated in events for SXSW, Tech in Motion, and General Assembly, to name a few. He also cannot pronounce the word "colloquially" correctly. You can email Conor at conor@tech.co.
Explore More See all news
Back to top
close Step up your business video conferencing with GoToMeeting, our top rated conferencing app – try it free for 14 days Try GoToMeeting Free