Vulnerability identifier: #VU10328
Vulnerability risk: Critical
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-415
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Cisco Adaptive Security Appliance (ASA)
Hardware solutions /
Security hardware applicances
Cisco ASA 5500
Hardware solutions /
Security hardware applicances
Cisco ASA 5500-X Series
Hardware solutions /
Security hardware applicances
Cisco Catalyst 6500 Series ASA Services Module
Hardware solutions /
Security hardware applicances
Cisco 7600 Series ASA Services Module
Hardware solutions /
Security hardware applicances
Cisco ASA 1000V Cloud Firewall
Hardware solutions /
Security hardware applicances
Cisco Firepower 9300 Security Appliance
Hardware solutions /
Security hardware applicances
Cisco Adaptive Security Virtual Appliance (ASAv)
Server applications /
Virtualization software
Firepower 2100 Series Security Appliance
Server applications /
IDS/IPS systems, Firewalls and proxy servers
Firepower 4110 Security Appliance
Server applications /
IDS/IPS systems, Firewalls and proxy servers
3000 Series Industrial Security Appliance (ISA)
Server applications /
IDS/IPS systems, Firewalls and proxy servers
Adaptive Security Appliance (ASA) CX
Hardware solutions /
Firmware
Vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a double-free error when parsing XML packets on webvpn-configured interface. A remote unauthenticated attacker can send a series of specially crafted XML packets to webvpn-enable device, trigger double-free error and corrupt memory.
Successful exploitation of the vulnerability may allow an attacker to cause denial of service condition or execute arbitrary code on the target system.
Note: according to Cisco, the vulnerability was publicly disclosed prior to vendor notification. There are known exploitation attempts of this vulnerability in the wild.
The following products are affected:
Mitigation
Install updates from vendor's website.
Vendor has released new patched on February 5.
Vulnerable software versions
Cisco Adaptive Security Appliance (ASA): 9.2.4 - 9.8.1
Cisco ASA 5500: All versions
Cisco ASA 5500-X Series: All versions
Cisco Catalyst 6500 Series ASA Services Module: All versions
Cisco 7600 Series ASA Services Module: All versions
Cisco ASA 1000V Cloud Firewall : All versions
Cisco Adaptive Security Virtual Appliance (ASAv): All versions
Cisco Firepower 9300 Security Appliance: All versions
Firepower 2100 Series Security Appliance: All versions
Firepower 4110 Security Appliance: All versions
3000 Series Industrial Security Appliance (ISA): All versions
:
Adaptive Security Appliance (ASA) CX: 9.2.4 - 9.8.1
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg35618
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.