Man-in-the-middle attack in Cisco Adaptive Security Appliance (ASA) - CVE-2018-15399
Published: October 14, 2018
Vulnerability identifier: #VU15357
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-15399
CWE-ID: CWE-300
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Adaptive Security Appliance (ASA)
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to conduct a man-in-the-middle attack on the target system.
The weakness exists in the TCP syslog module due to a buffer overflow in an internal function. A remote attacker who establishes a man-in-the-middle position between an affected device and its configured TCP syslog server can modify the TCP header in segments sent from the syslog server, trigger memory corruption, and cause all TCP-based features to stop functioning.
The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS.
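The advisory ties exposure to the device having a configured TCP syslog server, so the first thing an operator wants is an inventory of which ASAs actually send syslog over TCP while the vendor update is rolled out. The following Python script is an added example, not part of this advisory and not Cisco's own tooling: it parses `logging host` lines from an ASA running configuration and lists the destinations that use the TCP syslog code path. It assumes the ASA syntax `logging host <interface> <address> [tcp|udp][/port] [format emblem] [secure]`, with UDP/514 as the default when no protocol is given and TCP/1470 as the default TCP port; the configuration excerpt is constructed with documentation addresses.

```python
"""Inventory TCP syslog destinations in a Cisco ASA running-config.

Added example for CVE-2018-15399 (TCP syslog module); not Cisco's own tooling.
Assumed Cisco ASA syntax:
    logging host <interface> <address> [tcp|udp][/<port>] [format emblem] [secure]
Assumed defaults: UDP/514 when no protocol is given, TCP/1470 when tcp has no port.
"""
import re
from dataclasses import dataclass

LOGGING_HOST_RE = re.compile(
    r"^\s*logging\s+host\s+(?P<iface>\S+)\s+(?P<host>\S+)"
    r"(?:\s+(?P<proto>tcp|udp)(?:/(?P<port>\d+))?)?"
    r"(?P<rest>.*)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class SyslogDest:
    interface: str
    host: str
    protocol: str   # "tcp" or "udp"
    port: int
    secure: bool    # 'secure' keyword present (TLS over the TCP channel)


def parse_logging_hosts(config: str) -> list[SyslogDest]:
    """Return every 'logging host' destination found in the configuration text."""
    dests = []
    for line in config.splitlines():
        m = LOGGING_HOST_RE.match(line)
        if not m:
            continue
        proto = (m.group("proto") or "udp").lower()
        if m.group("port"):
            port = int(m.group("port"))
        else:
            port = 1470 if proto == "tcp" else 514
        secure = "secure" in m.group("rest").lower().split()
        dests.append(SyslogDest(m.group("iface"), m.group("host"), proto, port, secure))
    return dests


def tcp_syslog_exposure(config: str) -> list[SyslogDest]:
    """Destinations that exercise the TCP syslog code path named in the advisory.

    'secure' (TLS) entries are deliberately kept: TLS protects the syslog payload,
    not the TCP header that the advisory says a man-in-the-middle can modify.
    """
    return [d for d in parse_logging_hosts(config) if d.protocol == "tcp"]


# Constructed sample running-config excerpt (documentation addresses, not real hosts).
SAMPLE_CONFIG = """\
hostname asa-edge-01
logging enable
logging timestamp
logging host inside 192.0.2.10 tcp/1470
logging host inside 192.0.2.11
logging host dmz 198.51.100.5 tcp/6514 secure
logging host outside 203.0.113.7 udp/514 format emblem
"""

if __name__ == "__main__":
    for d in tcp_syslog_exposure(SAMPLE_CONFIG):
        tls = " (TLS)" if d.secure else ""
        print(f"TCP syslog to {d.host}:{d.port} via {d.interface}{tls}: affected code path in use")
```

Run it against `show running-config` output saved to a file; every line it prints is a device/destination pair on which the vulnerable module is active, which is the set to prioritise for the vendor update. UDP destinations are listed by `parse_logging_hosts` but not by `tcp_syslog_exposure`, since the advisory scopes the weakness to the TCP syslog module.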
How to mitigate CVE-2018-15399
Install the update from the vendor's website.