One Week Later, Cisco Reissues ASA Fix

Tuesday, February 6, 2018 @ 05:02 PM gHale

Cisco has reissued a patch: researchers found additional attack vectors and affected features for a remote code execution and denial of service vulnerability it first patched last Tuesday.

System administrators now have to update their vulnerable appliances one more time.


Initially, Cisco thought the vulnerability (CVE-2018-0101) affected only the webvpn feature of the Cisco Adaptive Security Appliance (ASA) software.

The scope of the vulnerability is also broader: aside from potentially allowing unauthenticated, remote attackers to cause a reload of the affected system or to execute code remotely, attackers might also make the ASA stop processing incoming Virtual Private Network (VPN) authentication requests because of a low memory condition.

“The vulnerability is due to an issue with allocating and freeing memory when processing a malicious XML payload,” Cisco said in an updated advisory. “An attacker could exploit this vulnerability by sending a crafted XML packet to a vulnerable interface on an affected system.”

“To be vulnerable the ASA must have Secure Socket Layer (SSL) services or IKEv2 Remote Access VPN services enabled on an interface,” Cisco said. “The risk of the vulnerability being exploited also depends on the accessibility of the interface to the attacker.”

This vulnerability affects Cisco ASA software running on:
• 3000 Series Industrial Security Appliance (ISA)
• ASA 5500 Series Adaptive Security Appliances
• ASA 5500-X Series Next-Generation Firewalls
• ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
• ASA 1000V Cloud Firewall
• Adaptive Security Virtual Appliance (ASAv)
• Firepower 2100 Series Security Appliance
• Firepower 4110 Security Appliance
• Firepower 4120 Security Appliance
• Firepower 4140 Security Appliance
• Firepower 4150 Security Appliance
• Firepower 9300 ASA Security Module
• Firepower Threat Defense Software (FTD)
• FTD Virtual

There are no workarounds that address all the features affected by this vulnerability, but management access to the security appliance can be restricted to trusted hosts.
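As an added example (not from the article or from Cisco), here is a small Python audit that walks an ASA running-config fragment and flags the exposure conditions the advisory describes: interfaces with webvpn (SSL) or IKEv2 remote access enabled, and HTTP/ASDM management access open to any source host. The config fragment is constructed; the command syntax is standard ASA CLI, and the script is a triage aid for deciding which appliances to prioritise, not a replacement for checking the fixed software version.

```python
import re
from typing import Dict, List

# Constructed sample of an ASA running-config (not taken from the article).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
http server enable
http 0.0.0.0 0.0.0.0 outside
http 10.20.0.0 255.255.0.0 inside
crypto ikev2 enable outside client-services port 443
webvpn
 enable outside
 anyconnect enable
"""

def audit_asa_config(config: str) -> Dict[str, List[str]]:
    """Flag interfaces meeting the advisory's exposure conditions.

    ssl_vpn_ifaces: interfaces with 'enable <if>' inside the webvpn block
    ikev2_ifaces:   interfaces with 'crypto ikev2 enable <if>'
    mgmt_from_any:  interfaces accepting HTTP/ASDM management from 0.0.0.0/0
    """
    findings = {"ssl_vpn_ifaces": [], "ikev2_ifaces": [], "mgmt_from_any": []}
    in_webvpn = False
    for line in config.splitlines():
        line = line.rstrip()
        if not line.startswith(" "):
            in_webvpn = False          # any top-level command ends the webvpn block
        if line == "webvpn":
            in_webvpn = True
            continue
        if in_webvpn:
            m = re.match(r"\s+enable\s+(\S+)$", line)
            if m:
                findings["ssl_vpn_ifaces"].append(m.group(1))
            continue
        m = re.match(r"crypto ikev2 enable\s+(\S+)", line)
        if m:
            findings["ikev2_ifaces"].append(m.group(1))
            continue
        m = re.match(r"http\s+(\S+)\s+(\S+)\s+(\S+)$", line)  # http <src> <mask> <if>
        if m and m.group(1) == "0.0.0.0" and m.group(2) == "0.0.0.0":
            findings["mgmt_from_any"].append(m.group(3))
    return findings

def exposed_interfaces(findings: Dict[str, List[str]]) -> List[str]:
    """Interfaces where the advisory's precondition (SSL or IKEv2 RA VPN) holds."""
    return sorted(set(findings["ssl_vpn_ifaces"]) | set(findings["ikev2_ifaces"]))

if __name__ == "__main__":
    result = audit_asa_config(SAMPLE_CONFIG)
    print("exposed VPN interfaces:", exposed_interfaces(result))
    print("management open to any host on:", result["mgmt_from_any"])
```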
