SB2018100311 - Multiple vulnerabilities in Cisco Adaptive Security Appliance
Published: October 3, 2018
Security Bulletin ID
SB2018100311
Severity
Medium
Patch available
YES
Number of vulnerabilities
4
Exploitation vector
Remote access
Highest impact
Denial of service
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Man-in-the-middle attack (CVE-ID: CVE-2018-15399)
The vulnerability allows a remote unauthenticated attacker to conduct a man-in-the-middle attack on the target system. The weakness exists in the TCP syslog module due to a buffer overflow in an internal function. A remote attacker who can establish a man-in-the-middle position between an affected device and its configured TCP syslog server can modify the TCP header in segments sent from the syslog server, trigger memory corruption and cause all TCP-based features to stop functioning.
The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS.
2) Improper input validation (CVE-ID: CVE-2018-15397)
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system. The weakness exists in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality due to an error during renegotiation of the encryption key for an IPsec tunnel while certain TFC traffic is in flight. A remote attacker can send a malicious stream of TFC traffic through an established IPsec tunnel and cause a daemon process on the affected device to crash.
3) Resource exhaustion (CVE-ID: CVE-2018-15383)
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system. The weakness exists in the cryptographic hardware accelerator driver: the affected devices have a limited amount of Direct Memory Access (DMA) memory, and the affected software improperly handles resources in low-memory conditions. A remote attacker can send a sustained, high rate of malicious traffic to an affected device, exhaust DMA memory and cause the device to reload, resulting in a temporary DoS condition.
4) Security restrictions bypass (CVE-ID: CVE-2018-15398)
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system. The weakness exists in the per-user-override feature due to errors in how the affected software constructs and applies per-user-override rules. A remote attacker can connect to a network through an affected device that has a vulnerable configuration and access resources behind the affected device that would normally be protected by the interface ACL.
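As an added defender-side check that is not part of this bulletin or of Cisco's own tooling: the script below scans an exported ASA running configuration for the two settings that the first and fourth vulnerabilities depend on, TCP syslog servers (CVE-2018-15399) and interface ACLs applied with per-user-override (CVE-2018-15398), so an operator can see which devices carry the exposed configuration while the update is being scheduled. The sample configuration is constructed for illustration; the command forms matched (`logging host <interface> <ip> tcp/<port>` and `access-group <acl> in interface <if> per-user-override`) are standard ASA syntax, and the assumption is that the text was captured from `show running-config`.

```python
import re

# Constructed sample of an ASA running configuration (not from a real device).
SAMPLE_CONFIG = """\
hostname asa-edge
logging enable
logging host inside 192.0.2.10 tcp/1470
logging host inside 192.0.2.11
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.5 eq 443
access-group OUTSIDE_IN in interface outside per-user-override
access-group INSIDE_IN in interface inside
"""

# "logging host <if> <ip> tcp[/port]"; ASA also accepts the protocol number 6 for TCP.
TCP_SYSLOG_RE = re.compile(
    r"^logging host (\S+) (\S+) (?:tcp|6)(?:/(\d+))?\s*$", re.MULTILINE)
# "access-group <acl> in interface <if> per-user-override"
PER_USER_OVERRIDE_RE = re.compile(
    r"^access-group (\S+) in interface (\S+) per-user-override\s*$", re.MULTILINE)


def find_tcp_syslog_hosts(config):
    """Return (interface, server, port) for each TCP syslog server.

    Port is None when the line does not specify one (the device default applies).
    """
    return [(iface, server, int(port) if port else None)
            for iface, server, port in TCP_SYSLOG_RE.findall(config)]


def find_per_user_override(config):
    """Return (acl_name, interface) for each interface ACL applied with per-user-override."""
    return PER_USER_OVERRIDE_RE.findall(config)


def audit(config):
    """Map the config to the bulletin items whose exposed configuration is present."""
    findings = []
    for iface, server, port in find_tcp_syslog_hosts(config):
        findings.append({
            "cve": "CVE-2018-15399",
            "detail": f"TCP syslog to {server} via {iface}"
                      + (f" port {port}" if port else " (default port)"),
        })
    for acl, iface in find_per_user_override(config):
        findings.append({
            "cve": "CVE-2018-15398",
            "detail": f"ACL {acl} on interface {iface} uses per-user-override",
        })
    return {"findings": findings, "exposed": bool(findings)}


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG)["findings"]:
        print(f"{f['cve']}: {f['detail']}")
```

The two remaining items (the TFC-over-IPsec crash and DMA exhaustion) are not tied to a single configuration line in the bulletin, so a config scan cannot narrow them; for those, the affected-version check against the vendor advisories is the only reliable test.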
Remediation
Install the update from the vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-syslog-d...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-ipsec-dos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-acl-bypass