Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
Advisory ID: cisco-sa-20180129-asa1
First Published: 2018 January 29 17:00 GMT
Last Updated: 2018 January 29 22:33 GMT
Version 1.2: Final
Workarounds: No workarounds available
Cisco Bug IDs:
A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
This vulnerability affects Cisco ASA Software that is running on the following Cisco products:
3000 Series Industrial Security Appliance (ISA)
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
ASA 1000V Cloud Firewall
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4110 Security Appliance
Firepower 9300 ASA Security Module
Firepower Threat Defense Software (FTD)
This vulnerability affects devices that are running a vulnerable release of Cisco ASA Software where the webvpn feature is enabled. To determine whether webvpn is enabled, administrators can use the show running-config webvpn command at the CLI and verify that the command returns output.
The following example shows the output of the command for a device that is running Cisco ASA Software and is configured for webvpn.
ciscoasa# show running-config webvpn
Determining the ASA Running Software Release
To determine whether a vulnerable version of Cisco ASA Software is running on a device, administrators can use the show version command in the CLI. The following example shows the output of the command for a device that is running Cisco ASA Software Release 9.2(1):
ciscoasa# show version | include Version
Cisco Adaptive Security Appliance Software Version 9.2(1)
Device Manager Version 7.4(1)
Customers who use Cisco Adaptive Security Device Manager (ASDM) to manage devices can locate the software release in the table that appears in the login window or the upper-left corner of the Cisco ASDM window.
This vulnerability applies to the FTD 6.2.2 software release, which was the first to support the Remote Access VPN feature. This release contains both Firepower and ASA code. Review Firepower Threat Defense Devices in the Cisco Firepower Compatibility Guide for additional information.
Determining the Running FTD Software Release
Administrators can use the show version command at the CLI to determine the FTD release. In this example, the device is running software release 6.2.2.
> show version
———————[ ftd ]———————
Model : Cisco ASA5525-X Threat Defense (75) Version 6.2.2 (Build 362)
UUID : 2849ba3c-ecb8-11e6-98ca-b9fc2975893c
Rules update version : 2017-03-15-001-vrt
VDB version : 279
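The two checks the advisory describes, whether webvpn is configured and which ASA or FTD release is running, can be automated over saved CLI output. The following Python script is an added example written for this page; it is not Cisco tooling. The sample command outputs are constructed to match the formats shown above (the UUID is a dummy), and the first-fixed-release table is a labelled placeholder: the real fixed releases come from Cisco's fixed-software table for this advisory, which is not reproduced on this page.

```python
import re
from typing import Dict, Optional, Tuple

# Version tuple: (major, minor, maintenance, interim). ASA prints 9.2(1) or
# 9.1(7)23; FTD prints 6.2.2, which we pad with interim 0 so tuples compare.
Version = Tuple[int, int, int, int]

# Constructed sample output modelled on the advisory's examples (not captured
# from a real device; the UUID is a dummy value).
ASA_SHOW_VERSION = """\
Cisco Adaptive Security Appliance Software Version 9.2(1)
Device Manager Version 7.4(1)
"""

FTD_SHOW_VERSION = """\
---------------------[ ftd ]---------------------
Model                     : Cisco ASA5525-X Threat Defense (75) Version 6.2.2 (Build 362)
UUID                      : 00000000-0000-0000-0000-000000000000
Rules update version      : 2017-03-15-001-vrt
VDB version               : 279
"""

# 'show running-config webvpn' returns the webvpn block when the feature is
# configured and returns nothing when it is not (constructed sample).
WEBVPN_CONFIGURED = """\
webvpn
 enable outside
 anyconnect enable
"""
WEBVPN_NOT_CONFIGURED = ""

# Only the ASA software line is matched; "Device Manager Version 7.4(1)" is
# ASDM and must not be mistaken for the ASA release.
ASA_VERSION_RE = re.compile(
    r"Security Appliance Software Version (\d+)\.(\d+)\((\d+)\)(\d*)")
FTD_VERSION_RE = re.compile(r"Threat Defense .*?Version (\d+)\.(\d+)\.(\d+)")


def parse_asa_version(show_version: str) -> Optional[Version]:
    """Extract the ASA release from 'show version' output, or None."""
    m = ASA_VERSION_RE.search(show_version)
    if not m:
        return None
    major, minor, maint, interim = m.groups()
    return (int(major), int(minor), int(maint), int(interim or 0))


def parse_ftd_version(show_version: str) -> Optional[Version]:
    """Extract the FTD release from 'show version' output, or None."""
    m = FTD_VERSION_RE.search(show_version)
    if not m:
        return None
    major, minor, maint = (int(x) for x in m.groups())
    return (major, minor, maint, 0)


def webvpn_enabled(running_config_webvpn: str) -> bool:
    """The advisory's test: the command prints a webvpn block only when the
    feature is configured, so any non-empty output starting with 'webvpn'
    means the device exposes the affected functionality."""
    lines = [ln for ln in running_config_webvpn.splitlines() if ln.strip()]
    return bool(lines) and lines[0].strip().startswith("webvpn")


def fmt(v: Version) -> str:
    return "%d.%d(%d)%s" % (v[0], v[1], v[2], v[3] or "")


def assess(version: Optional[Version], webvpn_on: bool,
           first_fixed: Dict[Tuple[int, int], Version]) -> str:
    """Classify one device. first_fixed maps a release train (major, minor)
    to the first fixed release on that train; the caller supplies it from
    Cisco's fixed-software table (PLACEHOLDER values are used in the demo)."""
    if version is None:
        return "unknown: could not parse running version"
    if not webvpn_on:
        return "not exposed: webvpn not configured"
    fixed = first_fixed.get(version[:2])
    if fixed is None:
        return "exposed: webvpn configured, train %d.%d not in fixed table" % version[:2]
    if version < fixed:
        return "vulnerable: running %s, first fixed %s" % (fmt(version), fmt(fixed))
    return "patched: running %s, first fixed %s" % (fmt(version), fmt(fixed))


if __name__ == "__main__":
    # PLACEHOLDER table: 9.2(4) is NOT a value from the advisory; replace with
    # the real first-fixed release per train before using this operationally.
    placeholder_first_fixed = {(9, 2): (9, 2, 4, 0)}
    asa = parse_asa_version(ASA_SHOW_VERSION)
    print("ASA:", assess(asa, webvpn_enabled(WEBVPN_CONFIGURED), placeholder_first_fixed))
    print("FTD:", fmt(parse_ftd_version(FTD_SHOW_VERSION)))
```

Run it against the captured output of `show version` and `show running-config webvpn` from each device in an inventory; the tuple comparison handles interim builds such as 9.1(7)23 correctly, which a plain string comparison of version text would not.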
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by this vulnerability.
There are no workarounds that address this vulnerability.