A security flaw in the Cisco wireless VPN router and cisco wireless VPN firewall allows an attacker to gain remote access to the admin panel of the web management interface of the affected device.
According to the security advisory, the vulnerability is due to the improper handling of authentication requests by web framework.
"An attacker could exploit this vulnerability by intercepting, modifying and resubmitting an authentication request. " the security advisory reads.
Common Vulnerability Scoring System (CVSS) rated this vulnerability as highly critical vulnerability - base score is 10.
Cisco has issued a software update for all of the affected devices which will address this vulnerability. There are currently no known workarounds that mitigate this vulnerability.
Cisco says the vulnerability is not being publicly exploited by any attackers. It was reported by a security researcher Gustavo Javier Speranza.