If the targeted device runs Cisco ASA Software Release 9.16 or earlier, the attacker can establish a clientless SSL VPN session without additional authorization upon successful authentication.

The bug applies to FTD 6.2.2, which Cisco released in September and was the first version to support remote access VPN. Systems with major release FTD versions before 6.2.2 aren't vulnerable.

The vulnerabilities exist in Cisco’s RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses. Cisco is rolling out fixes for critical holes in its lineup of small-business VPN ...

Cisco has released an emergency fix for its VPN tool to prevent hackers from causing Denial of Service attacks. Users are advised to update immediately.

Cisco has advised customers to trade in old Small Business RV VPN routers for newer models, as the old ones have high-severity vulnerabilities that it won’t be patching.