Cisco Fixes Hole in Security Appliances

Tuesday, January 30, 2018 @ 05:01 PM gHale

Cisco released updates for its Adaptive Security Appliance (ASA) software to patch a critical vulnerability.

The fix takes care of an exploit that could allow an attacker to gain full control of devices or cause them to reload.

RELATED STORIES
S4: Safety System Attack Details
S4: Network Monitoring Champion
S4: Lean OT Security
S4: Open-Minded Security? Just Try

The vulnerability (CVE-2018-0101) has a CVSS score of 10 where it could allow a remote and unauthenticated attacker to execute arbitrary code or cause a denial-of-service (DoS) condition.

The flaw exists in the Secure Sockets Layer (SSL) VPN functionality of the ASA software. If this “webvpn” feature is enabled on a device, an attempt to double free a memory region occurs.

A remote attacker could initiate the bug by sending specially crafted XML packets to a webvpn-configured interface.

Several security appliances using ASA software ended up affected, including 3000 Series Industrial Security Appliances (ISA), ASA 5500 security appliances and firewalls, ASA services modules for Catalyst 6500 series switches and 7600 series routers, ASA cloud firewalls, ASAv virtual appliances, and various Firepower devices.

Cisco released fixes for each of the affected ASA releases, except for ones that are no longer supported.

Cisco is not aware of any malicious attacks exploiting this flaw, but its product security incident response team (PSIRT) “is aware of public knowledge of the vulnerability.”



Leave a Reply

You must be logged in to post a comment.