India, Sept. 26 -- A severe zero-day vulnerability affecting the Cisco Adaptive Security Appliance (ASA) devices is currently being exploited, allowing attackers to hijack sessions and bypass Duo multifactor authentication. The vulnerability exposes enterprise and government networks to compromise that does not require valid credentials. Cisco has acknowledged the vulnerability, advising that successful exploitation may allow attackers to gain unauthorized access, escalate the attack, and compromise one of the last layers of defense. Cisco stated that while a permanent fix is still being developed, temporary mitigations are available.

Cisco has issued an advisory that attackers are exploiting an unpatched vulnerability in the ASA platfor...