#Patch only #HighRisk strategy is not future-proof. #CVE-2014-2120 in #Cisco ASA can lead to #unauthenticated access was classified as #MediumRisk in 2014. It had to mature 10 years and is now under active exploit.