January 29, 2018 – Waltham, MA – Please be aware that Cisco released a Critical Severity Impact Rated (SIR) Security Advisory today affecting nearly all of the Cisco firewall product lines. This advisory has the highest possible CVSS risk score of 10.0. The exploit mechanics will be presented at an NCC conference later this week.
A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device.
Essentially, an ASA or Firepower FW hosting Anyconnect VPN, or clientless VPN, and it’s on code that is more than 3 months old, is vulnerable; there are no workarounds. The recommendation, given the critical nature of this advisory, is to upgrade to a fixed version of code listed in the advisory link below.
NWN is currently working on mitigation details for Managed Security Service customers with firewalls under support. A team member will be reaching out with an action plan to remediate this advisory.
– NWN Security Team
The advisory can be found at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1