
A perfect ten CVSS rating for a vulnerability in ten Cisco VPN products

CyberWisdom Safe Harbor Commentary on Cisco VPNs vulnerability

What is most likely to be an overlooked story explores a programming error in Cisco VPN software that has existed for more than five years and introduces a highly critical vulnerability with a solid score of ten. The vulnerability opens ten different Adaptive Security Appliance and Firepower Threat Defense software products to attack.

The Cisco VPN vulnerability scored a perfect 10 on the CVSS scale and exists in the SSL VPN feature of the products. This is bad news, because if you have already deployed VPNs (especially webvpn) for use by employees in the field, the interface will be exposed on the Internet. If you are lucky, attackers may trigger a reload and a denial of service. If you're not lucky, criminals will be able to execute arbitrary malicious code on your network firewall.
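One way to check a saved ASA configuration for the exposure described above, as an added example that is not part of the original post or of Cisco's advisory. It assumes `show running-config` text in which a `webvpn` section lists `enable <nameif>` lines; the sample configuration is constructed, and treating security-level 0 as the Internet-facing side is a common convention, not a guarantee.

```python
import re

# Constructed sample of `show running-config` output (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
webvpn
 enable outside
 anyconnect enable
"""

def parse_sections(config):
    """Group indented child lines under their top-level parent line."""
    sections = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(line)
        elif not raw[0].isspace():
            sections.append((line, []))
    return sections

def webvpn_exposure(config):
    """Map each interface named in a webvpn `enable` line to its security level."""
    levels, enabled = {}, []
    for parent, children in parse_sections(config):
        if parent.startswith("interface "):
            fields = dict(c.split(None, 1) for c in children if " " in c)
            name, level = fields.get("nameif"), fields.get("security-level")
            if name:
                levels[name] = int(level) if level and level.isdigit() else None
        elif parent == "webvpn":
            for child in children:
                # Only `enable <nameif>` turns webvpn on for an interface.
                m = re.fullmatch(r"enable (\S+)", child)
                if m:
                    enabled.append(m.group(1))
    # None means the name was not found among the parsed interfaces.
    return {name: levels.get(name) for name in enabled}

if __name__ == "__main__":
    for name, level in webvpn_exposure(SAMPLE_CONFIG).items():
        print(f"webvpn enabled on {name!r} (security-level {level})")
```

An empty result means no `enable` line was found under `webvpn` in that file; it says nothing about whether the software build itself is a fixed one.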

Cisco VPNs vulnerability

Suggestion from Switchzilla: "This vulnerability was caused by an attempt to double release memory regions when webvpn functionality was enabled on Cisco ASA appliances. An attacker can send multiple elaborate XML packages to the webvpn configuration interface on the affected system to exploit this vulnerability."

The issue affects Firewall Modules for the 3000 Series Industrial Firewall, ASA 5500 and 5500-X Firewalls, Catalyst 6500 Switches and 7600 Series Routers, Virtual ASA 1000V and ASAv products, three Firepower appliances (2100, 4110 and 9300 ASA modules) and Firepower Threat Defense (FTD) software.

The programming vulnerability seems to have been introduced in ASA 8.x, at least a few years ago. Cisco has released a table of affected ASA builds, along with the fixes, in the above recommendations. This bug also affects Firepower Threat Defense 6.2.2 released last year, as well as subsequent releases (fixed or, depending on your hardware.

Fixes for both Adaptive Security Appliance software and Firepower Threat Defense software are available if you have a Cisco service contract, or your reseller can provide patches. If not, you will have to ask the Cisco Technical Assistance Center.

Patch your Adaptive Security Appliance and Firepower Threat Defense code before they're utterly p0wned. A programming slip in Cisco VPN software has created a critical vulnerability hitting ten different Adaptive Security Appliance and Firepower Threat Defense Software products.
