On April 8, Cisco announced a security advisory for a Failover Command Injection Vulnerability in Cisco ASA. This vulnerability could allow an unauthenticated, adjacent attacker to submit configuration commands to any of the failover units via the failover interface. As a result, an attacker could be able to take full control of both the active and standby failover units. This vulnerability is documented in CVE ID CVE-2015-0675. The Common Vulnerability Scoring System (CVSS) temporal score for this vulnerability is 7.2.
The second April 2015 edition of SteelCentral NetAuditor Advisory Service update is now available for versions 18.0.0, 18.0.1, 18.0.2, and 18.0.3. This update includes a security advisory rule for identifying devices affected by this vulnerability.
The Riverbed Splash community is a network of users and a set of tools for connecting, sharing, and collaborating. Whether you're here to troubleshoot a technical problem,
get best practices on your Riverbed product deployment, or want to learn how to leverage Riverbed's developer tools, you'll find it here in our community.