Vulnerability identifier: #VU12092
Vulnerability risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-295
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco ASA 5500-X Series
Hardware solutions /
Security hardware applicances
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature due to incorrect verification of the SSL Client Certificate. A remote attacker can connect to the ASA VPN without a proper private key and certificate pair, establish an SSL VPN connection to the ASA when the connection should have been rejected and bypass certain SSL certificate verification steps.
Mitigation
Update to versions 100.13(0.174), 96.2(0.167), 9.6(4), 9.6(3.18) or 9.4(4.14).
Vulnerable software versions
Cisco ASA 5500-X Series: 9.4.4
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.