#VU12090 Buffer underflow in Cisco ASA 5500-X Series


Published: 2018-04-18 | Updated: 2018-04-23

Vulnerability identifier: #VU12090

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0231

CWE-ID: CWE-124

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco ASA 5500-X Series
Hardware solutions / Security hardware applicances

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the Transport Layer Security (TLS) library due to insufficient validation of user-supplied input. A remote attacker can send a malicious TLS message to an interface enabled for Secure Layer Socket (SSL) service, trigger buffer underflow and cause the service to crash.

Mitigation
Update to versions 201.1(15.1), 201.1(1.97), 101.2(1.44), 100.13(0.173), 100.11(0.90), 99.1(22.1), 99.1(21.5), 99.1(20.127), 99.1(20.47), 99.1(10.21), 98.2(10.4), 98.2(0.8), 98.1(18.3), 98.1(16.8), 98.1(12.102), 98.1(1.150), 98.1(0.30), 97.1(0.169), 96.2(0.160), 9.8(2.9), 9.8(2), 9.8(1.99), 9.8(0.106), 9.7(1.16), 9.6(4), 9.6(3.18), 9.4(4.13), 9.2(4.26), 201.1(15.1), 201.1(1.97), 201.1(1.6), 101.2(1.44), 100.13(0.173), 100.11(0.90), 99.1(22.1), 99.1(21.9), 99.1(21.6), 99.1(20.127), 99.1(20.60), 99.1(20.51), 98.2(10.4), 98.2(0.8), 98.1(18.4), 98.1(16.8), 98.1(12.107), 98.1(1.154), 97.1(0.169), 96.2(0.160), 9.8(2.9), 9.8(2), 9.8(1.99), 9.7(1.16), 9.6(4), 9.6(3.18), 9.4(4.13), 9.2(4.26), 201.1(15.1), 201.1(1.97), 201.1(1.6), 101.2(1.44), 101.1(1.4), 100.13(0.173), 100.11(0.90), 99.1(22.1), 99.1(21.9), 99.1(20.127), 99.1(20.60), 98.2(10.4), 98.2(0.8), 98.1(18.6), 98.1(12.117), 97.1(0.169), 96.2(0.160), 9.8(2.9), 9.8(2), 9.8(1.99), 9.7(1.16), 9.6(4), 9.6(3.18), 9.4(4.13) or 9.2(4.26).

Vulnerable software versions

Cisco ASA 5500-X Series: 9.8.1 - 98.1.1.154

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Rockwell Automation Allen-Bradley Stratix 5950
Multiple vulnerabilities in Cisco ASA 5500-X Series