Cisco Cisco ASA 5585-X Adaptive Security Appliance
Americas Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Release Notes for the Cisco ASA 5500-X Series,
Version 8.6(x)
Version 8.6(x)
Released: February 28, 2012
Update: July 12, 2016
Update: July 12, 2016
This document contains release information for the Cisco ASA 5500-X software Version 8.6(1).
This document includes the following sections:
•
•
•
•
•
•
•
•
Important Notes
•
Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability—Multiple
vulnerabilities have been fixed for clientless SSL VPN in ASA software, so you should upgrade your
software to a fixed version. See
vulnerabilities have been fixed for clientless SSL VPN in ASA software, so you should upgrade your
software to a fixed version. See
details about the vulnerability and a list of fixed ASA versions. Also, if you ever ran an earlier ASA
version that had a vulnerable configuration, then regardless of the version you are currently running,
you should verify that the portal customization was not compromised. If an attacker compromised
a customization object in the past, then the compromised object stays persistent after you upgrade
the ASA to a fixed version. Upgrading the ASA prevents this vulnerability from being exploited
further, but it will not modify any customization objects that were already compromised and are still
present on the system.
version that had a vulnerable configuration, then regardless of the version you are currently running,
you should verify that the portal customization was not compromised. If an attacker compromised
a customization object in the past, then the compromised object stays persistent after you upgrade
the ASA to a fixed version. Upgrading the ASA prevents this vulnerability from being exploited
further, but it will not modify any customization objects that were already compromised and are still
present on the system.