Improper certificate validation in Cisco ASA 5500-X Series - CVE-2018-0227
Published: April 23, 2018
Vulnerability identifier: #VU12092
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0227
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco ASA 5500-X Series
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature due to incorrect verification of the SSL Client Certificate. A remote attacker without a proper private key and certificate pair can bypass certain SSL certificate verification steps and establish an SSL VPN connection to the ASA when the connection should have been rejected.
How to mitigate CVE-2018-0227
Update to versions 100.13(0.174), 96.2(0.167), 9.6(4), 9.6(3.18) or 9.4(4.14).