SB2018012914 - Remote code execution in Cisco Adaptive Security Appliance (ASA)
Published: January 29, 2018 Updated: February 7, 2018
Security Bulletin ID
SB2018012914
Severity
Critical
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Double-free error (CVE-ID: CVE-2018-0101)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The vulnerability exists due to a double-free error when parsing XML packets on webvpn-configured interface. A remote unauthenticated attacker can send a series of specially crafted XML packets to webvpn-enable device, trigger double-free error and corrupt memory.
Successful exploitation of the vulnerability may allow an attacker to cause denial of service condition or execute arbitrary code on the target system.
Note: according to Cisco, the vulnerability was publicly disclosed prior to vendor notification. There are known exploitation attempts of this vulnerability in the wild.
The following products are affected:
- 3000 Series Industrial Security Appliance (ISA)
- ASA 5500 Series Adaptive Security Appliances
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- ASA 1000V Cloud Firewall
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4110 Security Appliance
- Firepower 4120 Security Appliance
- Firepower 4140 Security Appliance
- Firepower 4150 Security Appliance
- Firepower 9300 ASA Security Module
- Firepower Threat Defense Software (FTD)
- FTD Virtual
Remediation
Install update from vendor's website.