CyberWisdom Safe Harbor Commentary on Cisco ASA Vulnerability
The vulnerability is located in the Secure Sockets Layer (SSL) VPN feature implemented by CISCO ASA software and was discovered by Cedric Halbronn, a researcher at the NCC Group. This vulnerability earned a General Vulnerability Score of 10.0 system score.
According to CISCO, when the “webvpn” feature is enabled on the device, it is about trying to free memory. An attacker could exploit this vulnerability by sending specially crafted XML packets to the webvpn-configured interface.
Further investigation into this vulnerability revealed more attack vectors and for that reason, the company released a new update. Researchers also found denial of service issues affecting the Cisco ASA platform.
A blog post from Cisco Systems wrote: “After the survey was expanded, Cisco engineers discovered additional attack vectors and features that were affected by the vulnerability and were not initially identified by the NCC Group and subsequently updated for security Suggest.
Experts have noticed that this vulnerability is related to the XML parser in CISCO ASA software, and an attacker can trigger this vulnerability by sending a specially crafted XML file to a vulnerable interface.
CISCO ASA attack
The list of affected Cisco ASA products includes:
- 3000 Series Industrial Safety Equipment (ISA)
- ASA 5500 Series Adaptive Safety Equipment
- ASA 5500-X Series Next-Generation Firewall
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- ASA 1000V cloud firewall
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4110 Security Appliance
- Firepower 9300 ASA Security Module
- Firepower Threat Defense Software (FTD)
According to Cisco experts, there is currently no news about exploiting vulnerabilities, and it is important to apply security updates anyway.
Cisco has rolled out new security patches for a critical vulnerability, tracked as CVE-2018-0101, in its CISCO ASA (Adaptive Security Appliance) software. At the end of January, the company released security updates the same flaw in Cisco ASA software. The vulnerability could be exploited by a remote and unauthenticated attacker to execute arbitrary code or trigger Engaging post, Read More…
thumbnail courtesy of securityaffairs.co
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post »