Session fixation in Cisco ASA 5500-X Series and Cisco AnyConnect Secure Mobility Client - CVE-2018-0229
Published: April 23, 2018
Vulnerability identifier: #VU12088
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0229
CWE-ID: CWE-384
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco ASA 5500-X Series
Cisco AnyConnect Secure Mobility Client
Cisco ASA 5500-X Series
Cisco AnyConnect Secure Mobility Client
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.
The weakness exists in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication due to there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly. A remote attacker can trick the victim into clicking a specially crafted link and authenticate using the company's Identity Provider (IdP), hijack a valid authentication token, use that to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software and gain access to potentially sensitive information.
The weakness exists in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication due to there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly. A remote attacker can trick the victim into clicking a specially crafted link and authenticate using the company's Identity Provider (IdP), hijack a valid authentication token, use that to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software and gain access to potentially sensitive information.
How to mitigate CVE-2018-0229
Update Cisco ASA 5500-X Series to versions 99.2(10.2), 97.1(17.1), 9.9(2.230), 9.9(2.1), 9.8(2.244), 9.8(2.243), 9.8(2.219), 9.8(2.217), 9.8(2.216), 9.8(2.215), 9.8(2.28), 9.7(1.111), 9.7(1.110), 9.7(1.24) and install update from vendor's website for Cisco AnyConnect Secure Mobility Client.