Cisco VPN Has a Major Security Bug With No Fix for It

Cisco has announced that its VPN is currently experiencing a major security flaw, and there's no fix yet.
Conor Cawley

Your latest attempt to be secure online may have done the opposite, as Cisco revealed that its VPN software currently has a major security flaw. And to make matters worse, there is still no fix to the problem yet.

The online world has become a veritable wild west of security problems. From ransomware to phishing scams, keeping yourself safe online has gone from peace of mind exercise to necessary precaution, especially during 2020's pandemic.

VPNs are ideally supposed to add a bit of security to your hectic online life, but tragically, as the Cisco VPN has shown us, that's not always the case.

Cisco Reveals Security Flaw in VPN

At the end of last week, Cisco announced that there was a zero-day vulnerability in its AnyConnect Secure Mobility Client software. The vulnerability comes with a proof-of-concept exploit code that is publicly available online. For the layman, this security flaw would allow a hacker to implant malicious code on all AnyConnect users’ devices on Windows, Mac, and Linux. And the worst part is that Cisco doesn’t have a fix for the flaw yet.

However, it's not all gloom, as the vulnerability likely isn’t affecting that many people. For one, the bug is not a mobile threat, as devices running iOS and Android are both entirely safe from the problem. Plus, users must actively be in an AnyConnection session to be vulnerable, so the timetable is much smaller than the average breach.

Also, according to Cisco, the bug requires the Auto-Update and Enable Scripting settings to be enabled, one of which is disabled by default. However, if you do have both enabled, you could be in for some trouble, given that Cisco doesn’t have a specific solution to the problem just yet.

What Can Cisco Customers Do?

Right now, there’s tragically not a lot you can do from a solution standpoint, but there are workarounds that can help you stay safe for the time being. Rather than try to explain it ourselves, we’ll let the proprietors of this technology give you the details on how to mitigate the damage from this security flaw:

“A mitigation for this vulnerability is to disable the Auto Update feature. Additional details can be found in the Disabling AnyConnect Auto Update section of the Cisco AnyConnect Secure Mobility Client Administrator Guide,” the Cisco Security Advisory explains. “If the Auto Update feature cannot be disabled, disabling the Enable Scripting configuration setting would reduce the attack surface.”

Fortunately, Cisco has told users that a solution is on the way, and it will be provided in the form of a completely free software update. Still, no timeline has been set for that update, so it would be best to take matters into your own hands for the time being.

Alternative VPN Providers

The VPN market is a big one, with plenty of great options available. If this experience with Cisco has turned you off from its VPN, or if this news has got you thinking about how much you need a VPN, you’re in luck!

Tech.co has done a lot of research to help discover which VPNs are the best so you don’t have to. Whether you’re trying to torrent, protect your activity, or just stream Netflix from a different country, take a look at this table of other VPN providers to get a good idea of what you can find on the market today.

0 out of 0
  • backward
  • forward
Test Score
Our scoring is based on independent tests and assessments of features, privacy settings, ease of use and value.
Verdict
No. of Devices
No. of Servers
Zero Data Logging
Killswitch
Email Support
Live Chat
Ease of Use
Features
Privacy
Speed
Help & Support
Value for Money
Free Trial
Price From
Try
Click to find the latest offers, deals and discounts from the VPN provider
4.1
4.0
3.9
3.8
3.7
3.7
3.7
3.5
3.5
3.5

Fast, effective, low-cost and simple – the best VPN we've tested

Powerful features and security, but a bit technical. Some massive savings currently available.

A safe, simple, outstanding VPN

Outstanding value, with an advanced VPN app

Good VPN privacy at good speeds

A good, well-priced VPN

A decent option for expert users

A user-friendly VPN, let down by some speed loss

Superb features, but at a higher cost

A powerful tool for expert users

6

5

5

5

5

10

10

5

3

5

3,605

1,000

2,000+

3,035

3,000

480

112

40

1,500

60

★★★★★

★★★★★

★★★★★

★★★★☆

★★★★☆

★★★★★

★★★★★

★★★★★

★★★★★

★★★☆☆

★★★☆☆

★★★★★

★★★★★

★★★☆☆

★★★☆☆

★★★☆☆

★★★★★

★★★☆☆

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★☆

★★★★☆

★★★☆☆

★★★★☆

★★★☆☆

★★★☆☆

★★★☆☆

★★☆☆☆

★★★☆☆

★★★★☆

★★★★☆

★★★★★

★★★★☆

★★★★☆

★★★☆☆

★★★☆☆

★★★★☆

★★★★☆

★★★★☆

★★★☆☆

★★★★☆

★★★★☆

★★★★★

★★★★☆

★★★★☆

★★★★☆

★★★★☆

★★★★☆

★★★☆☆

★★★★☆

$2.99 (3-year plan)

$3.25 (1-year plan)

$2.88 (2-year plan)

$3.33 (1-year plan)

$4.99 (1-year plan)

$4.08 (1-year plan)

$4 (1-year plan)

$3.50 (2-year plan)

$8.32 (1-year plan)

$2.66 (1-year plan)

About our links

Tech.co is reader-supported. If you make a purchase through the links on our site, we may earn a commission from the retailers of the products we have reviewed. This helps Tech.co to provide free advice and reviews for our readers. It has no additional cost to you, and never affects the editorial independence of our reviews. Click to return to top of page

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Conor is the Senior Writer for Tech.co. For the last five years, he’s written about everything from Kickstarter campaigns and budding startups to tech titans and innovative technologies. His extensive background in stand-up comedy made him the perfect person to host tech-centric events like Startup Night at SXSW and the Timmy Awards for Tech in Motion. You can email Conor at conor@tech.co.

Explore More See all news
close Step up your business video conferencing with GoToMeeting, our top rated conferencing app – try it free for 14 days Try GoToMeeting Free