Cisco ASA Remote Code Execution & DOS Vulnerability
Release Date: 01-29-2018 - Updated: 02-05-2018 - CVE-2018-0101

Affected Products (WebVPN must be enabled to be vulnerable)
3000 Series Industrial Security Appliance (ISA)
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
ASA 1000V Cloud Firewall
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4110 Security Appliance
Firepower 4120 Security Appliance
Firepower 4140 Security Appliance
Firepower 4150 Security Appliance
Firepower 9300 ASA Security Module
Firepower Threat Defense Software (FTD)
FTD Virtual
Vulnerability Details

After further investigation, Cisco has identified additional attack vectors and affected features for this vulnerability. Cisco also found that the original fix was incomplete, so new fixed code versions are now available. The vulnerability lies in an unspecified function of the SSL VPN component of the ASA and is a double free of a section of memory that can be triggered while the VPN component is active. An attacker could exploit it by sending multiple crafted XML packets to a webvpn-configured interface on an affected system.
Remediation

Unlike last week, all major trains that can be patched now have patches available, including 9.9. Patched versions exist for the 9.1, 9.2, 9.4, 9.6, 9.7, 9.8, and 9.9 trains of the affected Cisco ASAs. NetWorks Group will continue to monitor this vulnerability and update this advisory if additional patching is required.

Defensive Mitigations

Cisco has identified no defensive mitigations or workarounds for this vulnerability that do not either hamper features or require updating or downgrading the device. Disabling webvpn on the Outside interface, or disabling it entirely, reduces the harm exploitation could cause, but it also removes webvpn functionality.
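The advisory's two practical questions for an operator are whether a given ASA actually exposes webvpn (and on which interface) and which software train it runs, so the right fixed release can be chosen. The following script is an added example written for this advisory, not code from Cisco or NetWorks Group. It parses constructed, sample "show version" and "show running-config" output (the version string, hostname-free interface block and webvpn block are assumed to follow the normal ASA CLI layout; the sample values themselves are made up) and reports whether webvpn is enabled on any interface and whether the train is one the advisory lists as having a patch. It cannot tell whether a specific release is already fixed, because this advisory gives trains, not fixed release numbers; for that, consult the Cisco advisory linked below.

```python
import re

# Constructed sample "show version" output (not from a real device).
SAMPLE_SHOW_VERSION = """\
Cisco Adaptive Security Appliance Software Version 9.8(2)
Device Manager Version 7.8(2)
Hardware:   ASA5525, 8192 MB RAM
"""

# Constructed sample running-config excerpt: webvpn enabled on "outside".
SAMPLE_RUNNING_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
!
webvpn
 enable outside
 anyconnect enable
!
"""

# Trains the advisory says have patched releases available.
PATCHED_TRAINS = {"9.1", "9.2", "9.4", "9.6", "9.7", "9.8", "9.9"}

VERSION_RE = re.compile(r"Software Version (\d+)\.(\d+)\((\S+?)\)")


def parse_asa_version(show_version_text):
    """Return (train, full_version) from "show version", or None if absent."""
    m = VERSION_RE.search(show_version_text)
    if not m:
        return None
    train = f"{m.group(1)}.{m.group(2)}"
    return train, f"{train}({m.group(3)})"


def webvpn_enabled_interfaces(running_config):
    """Return the nameifs that carry 'enable <nameif>' inside the webvpn block.

    Sub-commands of a block are indented by one space in ASA config output;
    any non-indented line (including '!') ends the current block.
    """
    enabled = []
    in_webvpn = False
    for line in running_config.splitlines():
        if not line.startswith(" "):
            in_webvpn = line.strip() == "webvpn"
            continue
        if in_webvpn:
            # Match only the bare 'enable <nameif>' form, not e.g. 'anyconnect enable'.
            m = re.match(r"\s+enable\s+(\S+)\s*$", line)
            if m:
                enabled.append(m.group(1))
    return enabled


def assess(show_version_text, running_config):
    """Summarise exposure to CVE-2018-0101 for one device's captured output."""
    parsed = parse_asa_version(show_version_text)
    train, full_version = parsed if parsed else (None, None)
    interfaces = webvpn_enabled_interfaces(running_config)
    exposed = bool(interfaces)
    has_patch = train in PATCHED_TRAINS

    if not exposed:
        advice = "webvpn is not enabled on any interface; not exposed via WebVPN"
    elif has_patch:
        advice = (f"webvpn enabled on {', '.join(interfaces)}; upgrade to the fixed "
                  f"release of the {train} train per the Cisco advisory, or disable "
                  f"webvpn on the exposed interface(s) until you can")
    else:
        advice = (f"webvpn enabled on {', '.join(interfaces)} and train {train!r} is not "
                  f"in the advisory's patched-train list; check the Cisco advisory")

    return {
        "train": train,
        "version": full_version,
        "webvpn_interfaces": interfaces,
        "webvpn_exposed": exposed,
        "train_has_patch": has_patch,
        "advice": advice,
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_SHOW_VERSION, SAMPLE_RUNNING_CONFIG).items():
        print(f"{key}: {value}")
```

To use it on real devices, capture "show version" and "show running-config" from each ASA and feed the text to assess(); a device whose result has webvpn_exposed set to True is the one the advisory's remediation applies to.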
References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
https://vuldb.com/?id.112635
https://recon.cx/2018/brussels/talks/cisco.html

NetWorks Group Managed Service Customers running affected products already have the recommended patch in place. As software fixes are released, NWG will contact each customer to arrange for an upgrade of the managed device.

All other customers running an affected product should plan to implement any recommended defensive mitigations as soon as possible to address the issues in this advisory.

If you have questions regarding this notice, please call us at 734-827-1400, option 3, or email support@networksgroup.com