
Cisco has a severe VPN bug. Patch immediately!

This just in: Cisco, the “worldwide leader in IT and networking”, has a severe bug that a security researcher has rated a “10 out of 10”.

The bug is in Cisco’s ASA (Adaptive Security Appliance) software. It is a severe double-free vulnerability located in the Secure Sockets Layer (SSL) VPN functionality. The danger is that an unauthenticated person may gain remote access and the ability to reload an affected system or remotely execute code.

Adding to the danger, an unauthenticated person who sends a specially crafted XML packet could gain complete control of the affected system. This information all comes from Cisco’s advisory, which is now lighting up the net.

The bug is identified as “CVE-2018-010”. A scoring system indicates the vulnerability level of such bugs, and this specific bug rates a full 10 out of 10 on that system.

Cisco wants to stress that the bug is only exploitable if the ASA device has the webvpn feature enabled. Users may check this setting and ensure it is disabled by following the command-line interface instructions provided by Cisco. Those commands can be found here.
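For teams that keep saved copies of device configurations, the webvpn check described above can also be run offline. The following is an added example, not code from Cisco or from this post: it assumes the text is the saved output of `show running-config`, the function name `webvpn_enabled_interfaces` is hypothetical, and the sample configuration is constructed.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-asa
interface GigabitEthernet0/0
 nameif outside
!
webvpn
 enable outside
 anyconnect enable
 tunnel-group-list enable
group-policy Staff attributes
 webvpn
  anyconnect ask none
!
"""

# Matches "enable <interface>" but not "anyconnect enable" and similar lines.
ENABLE_RE = re.compile(r"^enable\s+(\S+)")


def webvpn_enabled_interfaces(config_text):
    """Return the interfaces that have webvpn enabled in the global webvpn block.

    Only the unindented top-level 'webvpn' section counts. An indented
    'webvpn' under 'group-policy ... attributes' holds per-group settings
    and does not turn the feature on for an interface.
    """
    interfaces = []
    in_global_webvpn = False
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("!"):
            continue  # blank lines and '!' separators carry no commands
        if not line[0].isspace():
            # A new top-level command opens or closes the global block.
            in_global_webvpn = stripped == "webvpn"
            continue
        if in_global_webvpn:
            match = ENABLE_RE.match(stripped)
            if match:
                interfaces.append(match.group(1))
    return interfaces


if __name__ == "__main__":
    found = webvpn_enabled_interfaces(SAMPLE_CONFIG)
    print("webvpn enabled on:", ", ".join(found) if found else "no interfaces")
```

An empty result means no interface has webvpn enabled in that saved configuration; any interface name returned marks a device to prioritize for patching.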

The following is a list of known vulnerable technology:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches
  • Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • ASA Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)

The bug is also known to apply to FTD 6.22, Cisco’s first release with remote access VPN support, which came out last September. Versions before FTD 6.22 are not vulnerable.

You can check which versions you have through the instructions provided by Cisco here.

As of right now there are no known attacks involving this vulnerability; however, Cisco expects reports of the vulnerability being abused.

Go check your systems and patch what you can. Stay vigilant in your defenses and don’t open any phishing emails!
