Multiple vulnerabilities in Cisco Adaptive Security Appliance



Published: 2018-10-03
Risk: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2018-15399, CVE-2018-15397, CVE-2018-15383, CVE-2018-15398
CWE-ID: CWE-120, CWE-300, CWE-20, CWE-400, CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Cisco Adaptive Security Appliance (ASA)
Hardware solutions / Security hardware appliances

Adaptive Security Appliance 5516-X
Hardware solutions / Firmware

Adaptive Security Appliance 5508-X
Hardware solutions / Firmware

Adaptive Security Appliance 5506W-X
Hardware solutions / Firmware

Adaptive Security Appliance 5506H-X
Hardware solutions / Firmware

Adaptive Security Appliance 5506-X
Hardware solutions / Firmware

Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Man-in-the-middle attack

EUVDB-ID: #VU15357

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-15399

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to conduct a man-in-the-middle attack on the target system.

The weakness exists in the TCP syslog module due to a buffer overflow in an internal function. A remote attacker can establish a man-in-the-middle position between an affected device and its configured TCP syslog server, modify the TCP header in segments that are sent from the syslog server, trigger memory corruption and cause all TCP-based features to stop functioning.

The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco Adaptive Security Appliance (ASA): All versions

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-syslog-d...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU15358

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-15397

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality due to an error during renegotiation of the encryption key for an IPsec tunnel when certain TFC traffic is in flight. A remote attacker can send a malicious stream of TFC traffic through an established IPsec tunnel and cause a daemon process on the affected device to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco Adaptive Security Appliance (ASA): 9.4.4

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-ipsec-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU15359

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-15383

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the cryptographic hardware accelerator driver: the affected devices have a limited amount of Direct Memory Access (DMA) memory, and the affected software improperly handles resources in low-memory conditions. A remote attacker can send a sustained, high rate of malicious traffic to an affected device, exhaust DMA memory and cause the device to reload, resulting in a temporary DoS condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adaptive Security Appliance 5516-X: 9.4.4

Adaptive Security Appliance 5508-X: 9.4.4

Adaptive Security Appliance 5506W-X: 9.4.4

Adaptive Security Appliance 5506H-X: 9.4.4

Adaptive Security Appliance 5506-X: 9.4.4

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Security restrictions bypass

EUVDB-ID: #VU15360

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-15398

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists in the per-user-override feature due to errors when the affected software constructs and applies per-user-override rules. A remote attacker can connect to a network through an affected device that has a vulnerable configuration and access resources that are behind the affected device and would typically be protected by the interface ACL.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco Adaptive Security Appliance (ASA): 9.4.4

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-acl-bypass


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
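Items 1 and 4 depend on configuration (a configured TCP syslog server, and the per-user-override feature), so exposure can be triaged from a saved running-config. The script below is an added example, not part of the bulletin or any Cisco tooling; it assumes the usual ASA CLI forms `logging host <if> <ip> tcp/<port>` (also shown as `6/<port>`) and `access-group <acl> in interface <if> per-user-override`, which the bulletin itself does not quote. A match means the feature is enabled on a device that still needs its software version checked, not that the device is confirmed vulnerable.

```python
import re

# Constructed sample running-config excerpt (documentation addresses, made-up names).
SAMPLE_CONFIG = """\
hostname edge-asa
logging enable
logging host inside 192.0.2.10 tcp/1470
logging host mgmt 192.0.2.11
logging host dmz 192.0.2.12 6/1468 secure
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.5 eq 443
access-group OUTSIDE_IN in interface outside per-user-override
access-group INSIDE_IN in interface inside
"""

# Assumed CLI syntax: protocol is written as "tcp" or as IP protocol number 6.
TCP_SYSLOG = re.compile(r"^logging host (\S+) (\S+) (?:tcp|6)/(\d+)", re.I)
ACCESS_GROUP = re.compile(r"^access-group (\S+) (in|out) interface (\S+)(.*)$", re.I)


def audit(config_text):
    """Return (cve, line_number, detail) for each configuration line that
    enables a feature named in items 1 and 4 of the bulletin."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = TCP_SYSLOG.match(line)
        if m:
            # Item 1: the device talks to a syslog server over TCP.
            findings.append(("CVE-2018-15399", lineno,
                             f"TCP syslog to {m.group(2)}:{m.group(3)} via {m.group(1)}"))
            continue
        m = ACCESS_GROUP.match(line)
        # Item 4: interface ACL applied with the per-user-override option.
        if m and "per-user-override" in m.group(4).lower().split():
            findings.append(("CVE-2018-15398", lineno,
                             f"per-user-override on ACL {m.group(1)} ({m.group(3)})"))
    return findings


if __name__ == "__main__":
    for cve, lineno, detail in audit(SAMPLE_CONFIG):
        print(f"{cve} line {lineno}: {detail}")
```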
