#VU15357 Man-in-the-middle attack in Cisco Adaptive Security Appliance (ASA) - CVE-2018-15399
Published: October 14, 2018
Vulnerability identifier: #VU15357
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-15399
CWE-ID: CWE-300
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Adaptive Security Appliance (ASA)
Cisco Adaptive Security Appliance (ASA)
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote unauthenticated attacker to conduct man-in-the-middle attack on the target system.
The weakness exists in the TCP syslog module due to buffer overflow in an internal function. A remote attacker can establish a man-in-the-middle position between an affected device and its configured TCP syslog server, modify the TCP header in segments that are sent from the syslog server, trigger memory corruption and cause all TCP-based features to stop functioning.
The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS.
The weakness exists in the TCP syslog module due to buffer overflow in an internal function. A remote attacker can establish a man-in-the-middle position between an affected device and its configured TCP syslog server, modify the TCP header in segments that are sent from the syslog server, trigger memory corruption and cause all TCP-based features to stop functioning.
The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS.
Remediation
Install update from vendor's website.