[SingCERT] Alert on Cisco Adaptive Security Appliance (ASA) Critical Vulnerability (CVE-2018-0101)

Published on Thursday, 01 February 2018 16:43

UPDATED 5 Feb 2018: After further investigations, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it was discovered that the original patch was incomplete, thus Cisco released new security updates. System administrators are advised to update to the latest software version as soon as possible.

Background

On 29 January 2018, Cisco announced a critical vulnerability (CVE-2018-0101) in its Adaptive Security Appliance (ASA) software, with the maximum Common Vulnerability Scoring System (CVSS) severity base score of 10 out of 10. The vulnerability is found in the Secure Sockets Layer (SSL) VPN functionality of the ASA and is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system, resulting in unauthenticated remote access.

Affected Products

This vulnerability affects the following Cisco products:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)

Impact

A successful exploit could allow an attacker to execute arbitrary code and obtain full control of the system to perform malicious activities or cause a denial of service by continually reloading the affected device. Reloading could occur in the form of rebooting or restarting the device.

Recommendations

According to Cisco, there is no workaround for this vulnerability. Cisco has released software updates to address this security gap. System administrators are advised to update affected devices to the latest software version as soon as possible.

Visit the Cisco advisory for more information: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

References

https://nvd.nist.gov/vuln/detail/CVE-2018-0101

https://www.first.org/cvss/

[5 Feb 2018] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1