Vulnerability identifier: #VU12092

Vulnerability risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0227

CWE-ID: CWE-295

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco ASA 5500-X Series
Hardware solutions / Security hardware applicances

Vendor: Cisco Systems, Inc

Description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature due to incorrect verification of the SSL Client Certificate. A remote attacker can connect to the ASA VPN without a proper private key and certificate pair, establish an SSL VPN connection to the ASA when the connection should have been rejected and bypass certain SSL certificate verification steps.

Mitigation
Update to versions 100.13(0.174), 96.2(0.167), 9.6(4), 9.6(3.18) or 9.4(4.14).

Vulnerable software versions

Cisco ASA 5500-X Series: 9.4.4

---

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.