#VU15357 Man-in-the-middle attack in Cisco Adaptive Security Appliance (ASA)


Published: 2018-10-14

Vulnerability identifier: #VU15357

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-15399

CWE-ID: CWE-120

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Adaptive Security Appliance (ASA)
Hardware solutions / Security hardware appliances

Vendor: Cisco Systems, Inc

Description
The vulnerability allows a remote unauthenticated attacker to conduct a man-in-the-middle attack on the target system.

The weakness exists in the TCP syslog module due to a buffer overflow in an internal function. A remote attacker who establishes a man-in-the-middle position between an affected device and its configured TCP syslog server can modify the TCP header in segments sent from the syslog server, trigger memory corruption and cause all TCP-based features to stop functioning.

The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Cisco Adaptive Security Appliance (ASA): All versions


External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-syslog-d...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

