Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
In response to Cisco Advisory ID: cisco-sa-20180129-asa1, Megatron Technology will be performing all ASA patches at 30% off the usual rates for the month of March*.
Fill in the form below for a sales representative to contact you regarding the patching of your Cisco ASA firewall.
References:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Excerpt:
- Update from February 5, 2018: After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it was also found that the original fix was incomplete so new fixed code versions are now available. Please see the Fixed Software section for more information.
A vulnerability in the XML parser of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. It was also possible that the ASA could stop processing incoming Virtual Private Network (VPN) authentication requests due to a low memory condition.
The vulnerability is due to an issue with allocating and freeing memory when processing a malicious XML payload. An attacker could exploit this vulnerability by sending a crafted XML packet to a vulnerable interface on an affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, cause a reload of the affected device or stop processing of incoming VPN authentication requests.
To be vulnerable the ASA must have Secure Socket Layer (SSL) services or IKEv2 Remote Access VPN services enabled on an interface. The risk of the vulnerability being exploited also depends on the accessibility of the interface to the attacker. For a comprehensive list of vulnerable ASA features please refer to the table in the Vulnerable Products section.
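The paragraph above makes exposure conditional on SSL (WebVPN/AnyConnect) or IKEv2 Remote Access VPN being enabled on an interface. A quick way to screen a fleet before scheduling patch windows is to parse each device's running configuration for those enablement lines. The following script is an added example, not code from the Cisco advisory or from Megatron Technology; the configuration fragment is constructed, and it assumes the standard ASA syntax `crypto ikev2 enable <nameif>` and `enable <nameif>` under the `webvpn` section. It covers only the two features named on this page; the advisory's Vulnerable Products table lists further affected features, so a clean result here is a partial screen, and it says nothing about whether the device already runs a fixed software version.

```python
import re
from typing import Dict, List

# Constructed ASA running-config fragment for demonstration (not taken from any real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
webvpn
 enable outside
 anyconnect enable
 tunnel-group-list enable
group-policy GroupPolicy_AnyConnect internal
"""


def parse_exposed_services(config: str) -> Dict[str, List[str]]:
    """Return {interface_nameif: [service, ...]} for every interface on which
    IKEv2 remote-access VPN or SSL/WebVPN services are enabled.

    Only the two features named in the advisory excerpt are checked; other
    affected features (see the advisory's Vulnerable Products table) are not.
    """
    exposed: Dict[str, List[str]] = {}
    in_webvpn = False  # True while we are inside the indented 'webvpn' block

    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            # Blank lines and '!' separators end any section we were tracking.
            in_webvpn = False
            continue

        if not line.startswith(" "):
            # A top-level command: it either opens the webvpn section or ends it.
            in_webvpn = line.strip() == "webvpn"
            m = re.match(r"crypto ikev2 enable (\S+)", line)
            if m:
                exposed.setdefault(m.group(1), []).append("ikev2-ra-vpn")
            continue

        if in_webvpn:
            # Inside 'webvpn', the line ' enable <nameif>' turns SSL VPN on for that interface.
            m = re.match(r"\s+enable (\S+)$", line)
            if m:
                exposed.setdefault(m.group(1), []).append("ssl-webvpn")

    return exposed


def needs_priority_patching(config: str) -> bool:
    """True if at least one interface has an affected service enabled."""
    return bool(parse_exposed_services(config))


if __name__ == "__main__":
    for nameif, services in parse_exposed_services(SAMPLE_CONFIG).items():
        print(f"{nameif}: {', '.join(services)}")
    print("priority patch:", needs_priority_patching(SAMPLE_CONFIG))
```

Feed the script the output of `show running-config` from each device; interfaces listed in the result are the ones where the vulnerable services are reachable, and devices whose exposed interface faces an untrusted network belong at the front of the patch queue. Confirm the installed release against the advisory's Fixed Software section separately, since the February 5 update notes that the original fix was incomplete.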
Cisco has released software updates that address this vulnerability. There are no workarounds that address all the features that are affected by this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Affected Products
Vulnerable Products
This vulnerability affects Cisco ASA Software that is running on the following Cisco products:
- 3000 Series Industrial Security Appliance (ISA)
- ASA 5500 Series Adaptive Security Appliances
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- ASA 1000V Cloud Firewall
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4110 Security Appliance
- Firepower 4120 Security Appliance
- Firepower 4140 Security Appliance
- Firepower 4150 Security Appliance
- Firepower 9300 ASA Security Module
- Firepower Threat Defense Software (FTD)
- FTD Virtual (FTDv)
Impact
A successful exploit could allow an attacker to execute arbitrary code and obtain full control of the system to perform malicious activities or cause a denial of service by continually reloading the affected device. Reloading could occur in the form of rebooting or restarting the device.
Recommendations
According to Cisco, there is no workaround for this vulnerability. Cisco has released software updates to address this security gap. System administrators are advised to update affected devices to the latest software version as soon as possible.
Fill in the form below for a sales representative to contact you regarding the patching of your Cisco ASA firewall.
*Final prices subject to ASA firmware version and whether patches are to be performed during or after office hours.