Cisco VPN Has a Major Security Bug With No Fix for It

Cisco has announced that its VPN is currently experiencing a major security flaw, and there's no fix yet.

Your latest attempt to be secure online may have done the opposite, as Cisco revealed that its VPN software currently has a major security flaw. And to make matters worse, there is no fix for the problem yet.

The online world has become a veritable wild west of security problems. From ransomware to phishing scams, keeping yourself safe online has gone from a peace-of-mind exercise to a necessary precaution, especially during 2020’s pandemic.

VPNs are ideally supposed to add a bit of security to your hectic online life, but tragically, as the Cisco VPN has shown us, that’s not always the case.

Cisco Reveals Security Flaw in VPN

At the end of last week, Cisco announced a zero-day vulnerability in its AnyConnect Secure Mobility Client software. Proof-of-concept exploit code for the vulnerability is publicly available online. For the layman, this security flaw would allow a hacker to implant malicious code on all AnyConnect users’ devices on Windows, Mac, and Linux. And the worst part is that Cisco doesn’t have a fix for the flaw yet.

However, it’s not all gloom, as the vulnerability likely isn’t affecting that many people. For one, the bug is not a mobile threat, as devices running iOS and Android are both entirely safe from the problem. Plus, users must actively be in an AnyConnect session to be vulnerable, so the window of exposure is much smaller than with the average breach.

Also, according to Cisco, the bug requires the Auto-Update and Enable Scripting settings to be enabled, one of which is disabled by default. However, if you do have both enabled, you could be in for some trouble, given that Cisco doesn’t have a specific solution to the problem just yet.

What Can Cisco Customers Do?

Right now, there’s tragically not a lot you can do from a solution standpoint, but there are workarounds that can help you stay safe for the time being. Rather than try to explain it ourselves, we’ll let the proprietors of this technology give you the details on how to mitigate the damage from this security flaw:

“A mitigation for this vulnerability is to disable the Auto Update feature. Additional details can be found in the Disabling AnyConnect Auto Update section of the Cisco AnyConnect Secure Mobility Client Administrator Guide,” the Cisco Security Advisory explains. “If the Auto Update feature cannot be disabled, disabling the Enable Scripting configuration setting would reduce the attack surface.”

Fortunately, Cisco has told users that a solution is on the way, and it will be provided in the form of a completely free software update. Still, no timeline has been set for that update, so it would be best to take matters into your own hands for the time being.
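The two settings Cisco names can be audited in a client profile while the patch is pending. The Python check below is an added example, not code from Cisco or Tech.co; it assumes the profile is an XML file whose AutoUpdate and EnableScripting elements follow the AnyConnect client profile schema, and the sample profile is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names are assumed to follow the AnyConnect
# client profile schema; adjust them if your deployment differs.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AutoUpdate UserControllable="false">true</AutoUpdate>
    <EnableScripting UserControllable="false">true
      <TerminateScriptOnNextEvent>false</TerminateScriptOnNextEvent>
    </EnableScripting>
  </ClientInitialization>
</AnyConnectProfile>"""


def read_flag(root, name):
    """Return True/False for the first element called `name`, or None if unset."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == name:       # ignore the XML namespace
            text = (el.text or "").strip().lower()  # text may precede child elements
            return {"true": True, "false": False}.get(text)
    return None


def assess_profile(xml_text):
    """Classify a profile against the two settings named in the advisory."""
    root = ET.fromstring(xml_text)
    auto = read_flag(root, "AutoUpdate")
    scripting = read_flag(root, "EnableScripting")
    if auto is False:
        verdict = "mitigated"   # Auto Update disabled: the advisory's mitigation
    elif scripting is False:
        verdict = "reduced"     # scripting disabled: attack surface reduced
    elif auto and scripting:
        verdict = "exposed"     # both preconditions explicitly enabled
    else:
        verdict = "review"      # a setting is absent; the client default applies
    return {"auto_update": auto, "enable_scripting": scripting, "verdict": verdict}


if __name__ == "__main__":
    print(assess_profile(SAMPLE_PROFILE))
```

A "review" verdict means the profile does not set one of the values explicitly, so the effective setting has to be confirmed on the client itself.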

Alternative VPN Providers

The VPN market is a big one, with plenty of great options available. If this experience with Cisco has turned you off from its VPN, or if this news has got you thinking about how much you need a VPN, you’re in luck!

Tech.co has done a lot of research to help discover which VPNs are the best so you don’t have to. Whether you’re trying to torrent, protect your activity, or just stream Netflix from a different country, take a look at this table of other VPN providers to get a good idea of what you can find on the market today.

Table: VPN provider comparison
Columns: Price From (lowest price for a single-month subscription to the cheapest paid tier; other plans are available), Verdict, No. of Devices, Zero Data Logging, Kill Switch, Email Support, Live Chat, Free Trial

Price From: $2.99/month (up to 67% off); $2.99/month; $1.63/month; $9.99/month; $3.00/month min. ($1 per location); ~$4.87 per month; $2.19/month; $8.32/month

Verdict:
Super fast and easy to use, NordVPN is among the best we’ve tested. Advanced features like Onion-Over-VPN make it stand out from the crowd.
A fast VPN that performed well on our speed tests, and also owns a lot of its own server infrastructure.
A safe, simple, outstanding VPN, with thousands of servers dotted across almost 70 different countries.
Affordably priced ultra-secure VPN that has great privacy features but is a little slow.
A reliable, widely-used VPN that has decent privacy controls, but it performed very poorly on our speed tests.
A decently-priced VPN that does all the basics well, but has an incredibly small server network compared to PureVPN and Co.
A decent option for seasoned torrenters, but a little pricier than PureVPN and Private Internet Access.
A user-friendly VPN based in Romania with servers optimized for streaming, but no obfuscation technology.
A highly reliable VPN with servers in more than 100 countries – but it comes with one of the heftiest price tags on the market.

No. of Devices: 6; Unlimited; 5; Unlimited; 8-12; Unlimited; 10; 7; 5

Free Trial: 30-day money-back guarantee; Yes (iOS and Android); 30-day money-back guarantee

Written by:
Conor is the Lead Writer for Tech.co. For the last six years, he’s covered everything from tech news and product reviews to digital marketing trends and business tech innovations. He's written guest posts for the likes of Forbes, Chase, WeWork, and many others, covering tech trends, business resources, and everything in between. He's also participated in events for SXSW, Tech in Motion, and General Assembly, to name a few. He also cannot pronounce the word "colloquially" correctly. You can email Conor at conor@tech.co.