Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-0229 |
CWE-ID | CWE-384 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Cisco AnyConnect Secure Mobility Client Client/Desktop applications / Other client software |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU12088
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0229
CWE-ID:
CWE-384 - Session Fixation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.
The weakness exists in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication due to there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly. A remote attacker can trick the victim into clicking a specially crafted link and authenticate using the company's Identity Provider (IdP), hijack a valid authentication token, use that to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software and gain access to potentially sensitive information.
Update Cisco ASA 5500-X Series to versions 99.2(10.2), 97.1(17.1), 9.9(2.230), 9.9(2.1), 9.8(2.244), 9.8(2.243), 9.8(2.219), 9.8(2.217), 9.8(2.216), 9.8(2.215), 9.8(2.28), 9.7(1.111), 9.7(1.110), 9.7(1.24) and install update from vendor's website for Cisco AnyConnect Secure Mobility Client.
Vulnerable software versionsCisco AnyConnect Secure Mobility Client: 4.6.200
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.