Ok first let me state that I am NOT looking for details on how to implement any exploit. I am only curious if one has been confirmed to exist for this situation. I was told by someone that "any good tech" can increase the amount of allowed webvpn users on an ASA, and that "anyone paying for additional users is foolish".
First, even it if were possible, I would not be for using it. I am only curious if something like this does exist, because I have seen an ASA or two with some suspicious licensing on the webvpn. It would be nice to know what, if anything, can be looked for to avoid units that have illigitimately increased licenses.
I am only asking specifically about the number of concurrent webvpn users. IE someone buying a base unit with the 2 included, and somehow increasing it to 10, or 25, or 100, w/o purchasing licenses through legal means. Again, I am not wanting to know how this is done, or trying to do this myself. I am only curious if this does in fact exist.
Information regarding possible exploit would have to be directed at your SEs and the business unit (usually through SEs).Obviously it's no place for me to comment on public forums, but I have not heard of (nor looked for) such an exploit ;-)
When you receive and ASA you also get a set of licenses tied to particular serial number, you can confirm with whoever provided you the equipment and/or PAKs (Product Activation Key).
If such an exploit exists, well potentially "yes" if someone understood how activation keys were being generated, verfied and applied (for example an ex-development engineer...) one could reverse engineer his way into this. If a smarter way exists - I'm not aware. I've done a few quick seraches (not to deep mind you) and came up without even a hint.
If you do have any info I would say, best person to share this with would be either TAC (as a getewat to BU) or an SE.
Listen: https://smarturl.it/CCRS8E47 Follow us: twitter.com/ciscochampions
Ransomware, fileless malware, and zero-day attacks continue to target organizations around the world. In response, organizations have resorted to deploying a variety of d...
This is a general information page for Cisco Threat Centric (TC-NAC) with ISE
Threat Centric Network Access Control (TC-NAC) feature enables you to create authorization policies based on the threat and vulnerability attributes received from the th...
The 2021 IT Blog Awards, hosted by Cisco, is now open for submissions. Submit your blog, vlog or podcast today. For more information, including category details, the process, past winners and FAQs, check out: https://www.cisco.com/c/en/us/t...
Cisco Secure Endpoint (formerly AMP for Endpoints) will decommission legacy cloud servers, which results in Legacy Windows Connector Versions 3.x/4.x and Mac Connector Version 1.0.x ceasing to ...
IntroductionRequirementsWhat problem does CSDAC solve?CSDAC ComponentsConfiguration CSDAC Login Connector AdaptersCSDAC WorkflowFMC Policy Configuration with Dynamic ObjectsUse Case: Blocking IP address using dynamic object without a policy push