#VU12092 Improper certificate validation in Cisco ASA 5500-X Series - CVE-2018-0227
Published: April 23, 2018
Vulnerability identifier: #VU12092
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0227
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco ASA 5500-X Series
Cisco ASA 5500-X Series
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature due to incorrect verification of the SSL Client Certificate. A remote attacker can connect to the ASA VPN without a proper private key and certificate pair, establish an SSL VPN connection to the ASA when the connection should have been rejected and bypass certain SSL certificate verification steps.
The weakness exists in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature due to incorrect verification of the SSL Client Certificate. A remote attacker can connect to the ASA VPN without a proper private key and certificate pair, establish an SSL VPN connection to the ASA when the connection should have been rejected and bypass certain SSL certificate verification steps.
Remediation
Update to versions 100.13(0.174), 96.2(0.167), 9.6(4), 9.6(3.18) or 9.4(4.14).