Cisco Adaptive Security Appliance

Cisco Adaptive Security Appliance - RCE and DoS vulnerability

Reference: CERT.be Advisory #2018-002
Version: 1.0

Impacted Software

This vulnerability affects devices that are running a vulnerable release of Cisco ASA Software where the webvpn feature is enabled. To determine whether webvpn is enabled, administrators can use the show running-config webvpn command at the CLI and verify that the command returns output.
Example:
ciscoasa# show running-config webvpn
webvpn

Determining the ASA Running Software Release

To determine whether a vulnerable version of Cisco ASA Software is running on a device, administrators can use the show version command in the CLI. The following example shows the output of the command for a device that is running Cisco ASA Software Release 9.2(1):
ciscoasa# show version | include Version
Cisco Adaptive Security Appliance Software Version 9.2(1)
Device Manager Version 7.4(1)
Customers who use Cisco Adaptive Security Device Manager (ASDM) to manage devices can locate the software release in the table that appears in the login window or the upper-left corner of the Cisco ASDM window.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...

Risks

An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected device.

Summary

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Remediation

Cisco has released free software updates that address the vulnerability described in this advisory. If you have an affected version update your software accordingly (see table below).

1 - ASA Software releases prior to 9.1, including all 8.x releases, and ASA releases 9.3 and 9.5 have reached End of Software Maintenance. Customers should migrate to a supported release.