Heap-based buffer overflow in Cisco Adaptive Security Appliance (ASA) - CVE-2017-3807

 


Published: February 8, 2017 / Updated: February 17, 2017


Vulnerability identifier: #VU5673
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2017-3807
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Adaptive Security Appliance (ASA)

Detailed vulnerability description

The vulnerability allows an authenticated remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing HTTP requests within the Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software. A remote authenticated attacker can send a specially crafted HTTP request to the "https://<asa_ip_address>/+webvpn+/CIFS_R/" URL, trigger a heap-based buffer overflow and cause a denial of service or execute arbitrary code on the vulnerable device.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable device.


How to mitigate CVE-2017-3807

Install a patched version:

Cisco ASA versions prior to 9.0 - migrate to 9.1(7.13) or later
Cisco ASA 9.0 - migrate to 9.1(7.13) or later
Cisco ASA 9.1 - update to 9.1(7.13) or later
Cisco ASA 9.2 - migrate to 9.4(4) or later
Cisco ASA 9.3 - migrate to 9.4(4) or later
Cisco ASA 9.4 - update to 9.4(4) or later
Cisco ASA 9.5 - migrate to 9.6(2.10) or later
Cisco ASA 9.6 - update to 9.6(2.10) or later
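
The list above can be applied to an inventory of version strings with a short script. This is an added example, not vendor code: the function names are hypothetical, the sample versions are constructed, and accepting the "9.1(7)13" spelling alongside the page's "9.1(7.13)" notation is an assumption about how devices report interim builds.

```python
import re

# Fixed release for each train, copied from the mitigation list above.
# Tuples are (major, minor, maintenance, interim).
FIXED_BY_TRAIN = {
    (9, 0): (9, 1, 7, 13),
    (9, 1): (9, 1, 7, 13),
    (9, 2): (9, 4, 4, 0),
    (9, 3): (9, 4, 4, 0),
    (9, 4): (9, 4, 4, 0),
    (9, 5): (9, 6, 2, 10),
    (9, 6): (9, 6, 2, 10),
}

# "9.1(7.13)" is the notation used on this page; "9.1(7)13" is accepted
# as well on the assumption that the device reports interim builds that way.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)(\d+)?")


def parse_asa_version(text):
    """Return (major, minor, maintenance, interim) for an ASA version string."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m or (m.group(4) and m.group(5)):
        raise ValueError(f"unrecognised ASA version: {text!r}")
    major, minor, maint = (int(g) for g in m.group(1, 2, 3))
    interim = int(m.group(4) or m.group(5) or 0)
    return (major, minor, maint, interim)


def format_version(v):
    major, minor, maint, interim = v
    return f"{major}.{minor}({maint}.{interim})" if interim else f"{major}.{minor}({maint})"


def assess(text):
    """Return (status, target); status is 'fixed', 'vulnerable' or 'not listed'."""
    version = parse_asa_version(text)
    train = version[:2]
    if train < (9, 0):
        fix = FIXED_BY_TRAIN[(9, 0)]  # "prior to 9.0" row of the list
    else:
        fix = FIXED_BY_TRAIN.get(train)
    if fix is None:
        return ("not listed", None)  # train not covered by this page
    status = "fixed" if version >= fix else "vulnerable"
    return (status, format_version(fix))


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real device.
    for sample in ["8.4(7)", "9.1(7)13", "9.2(4)", "9.4(3.12)", "9.6(2.10)", "9.7(1)"]:
        print(sample, *assess(sample))
```

A "not listed" result means the train does not appear in the list above, so this page gives no basis for calling it fixed or vulnerable.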
