Scroll Top

Cisco Releases Critical New Patch for VPN Software

Cisco Releases Critical New Patch for VPN Software
0
By Jeffrey Jones Bugs Issues February 8, 2018

VPN Software No Workarounds Except Upgrade

Possible Exploit in the Wild

Cisco Systems has released a new Patch for a Critical VPN Vulnerability rated 10 out of 10 by the Common Vulnerabilities and Exposures (CVE). Our research found at least one Possible Exploit in the Wild  that will cause a denial of service.

In a statement Cisco Says;

“After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it was also found that the original fix was incomplete so new fixed code versions are now available.”vpn

A vulnerability in the XML parser of  the Adaptive Security Appliance  Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. It was also possible that the ASA could stop processing incoming Virtual Private Network authentication requests due to a low memory condition.

The vulnerability is due to an issue with allocating and freeing memory when processing a malicious XML payload. An attacker could exploit this vulnerability by sending a crafted XML packet to a vulnerable interface on an affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, cause a reload of the affected device or stop processing of incoming VPN authentication requests.

To be vulnerable the ASA must have Secure Socket Layer (SSL) services or IKEv2 Remote Access VPN services enabled on an interface. The risk of the vulnerability being exploited also depends on the accessibility of the interface to the attacker.

Cisco has released software updates that address this vulnerability. There are no workarounds that address all the features that are affected by this vulnerability.”

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

Vulnerable Cisco products Include:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)
0
Jeffrey Jones / About Author
Jeff Jones is a Cyber Security Architect and Ethical Hacker for Topgallant Partners. He has been in Data Communications for over 35 years. He responsible for all day-to-day operations, technical consulting, and security design for Topgallant.

His expertise is in Security Program Design, Security Risk Analysis and Assessment and Cyber Security Testing to include Penetration Testing, Vulnerability Testing, Social Engineering, Phishing, Wi-Fi Exploitations, Password Cracking, Man-in-the Middle Attacks and Web Application Hacking.

He has a M.A. in Computer Resources Management from Webster University and a B.A. in Journalism from Purdue University. He is also a terrible golfer.
More posts by Jeffrey Jones
Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required