Cisco Systems has confirmed that recently-leaked malware tied to the National Security Agency exploited a high-severity vulnerability that had gone undetected for years in every supported version of the company's Adaptive Security Appliance firewall.

The previously unknown flaw makes it possible for remote attackers who have already gained a foothold in a targeted network to gain full control over a firewall, Cisco warned in an advisory published Wednesday. The bug poses a significant risk because it allows attackers to monitor and control all data passing through a vulnerable network. To exploit the vulnerability, an attacker must control a computer already authorized to access the firewall or the firewall must have been misconfigured to omit this standard safeguard. "It's still a critical vulnerability e

http://arstechnica.com/security/2016/08/cisco-confirms-nsa-linked-zeroday-targeted-its-firewalls-for-years/