Another day, another vulnerability. Cisco Systems released a patch this Monday to fix a critical vulnerability in its Adaptive Security Appliance (ASA), its Secure Sockets Layer VPN solution. According to a Cisco security advisory, the vulnerability could allow an authenticated, remote attacker to execute code remotely on affected devices.
The vulnerability impacts approximately a dozen Cisco products, ranging from the 3000 Series Industrial Security Appliance and ASA 5500-X Series Next-Generation Firewalls to the ASA 1000V Cloud Firewall. The bug (CVE-2018-0101) received a CVSS score of 10, the highest possible. There are no workarounds available for the bug, Cisco said.
“The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device,” according to the advisory. “An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device.”
“Traditional VPNs like Cisco’s expose an open port to the Internet, so any remote user on the planet can connect to it,” said Jason Garbis, co-chair of the Cloud Security Alliance’s Software-Defined Perimeter Working Group. The vulnerability, he said, will give an attacker access to a corporate network.
Prior to @reconbrx this weekend CISCO has released #CVE-2018-0101 which patches a pre-auth RCE in ASA and specifically AnyConnect – https://t.co/lV13anjAe8 – go to Brussels and hear from @saidelike – https://t.co/jOYdWoQIaG
— NCC Group Infosec (@NCCGroupInfosec) January 29, 2018
Garbis said:
“There are hundreds of thousands of these Cisco devices deployed worldwide. There are no workarounds – organizations must manually identify and patch all their Cisco ASA VPN servers in order to address this.”
In its advisory, Cisco said it is aware of public knowledge of the vulnerability, but is not aware of any instances in which the vulnerability has been exploited in the wild.
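Because the advisory ties exposure to the webvpn feature being enabled on an interface, and there is no workaround, the first defensive step is to find which ASA interfaces actually have it enabled. The Python script below is an added example, not code from the article or from Cisco: it parses a constructed running-config excerpt and reports the interfaces named by `enable <nameif>` under the `webvpn` section, assuming the standard indented ASA config layout; it does not replace checking the fixed software versions listed in the advisory.

```python
import re
from typing import Dict, List, Tuple

# Constructed ASA running-config excerpt (sample data, not from the article).
SAMPLE_CONFIG = """\
hostname asa-edge-1
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
webvpn
 enable outside
 anyconnect enable
 tunnel-group-list enable
!
"""


def parse_sections(config: str) -> List[Tuple[str, List[str]]]:
    """Split an ASA config into (top-level line, [indented sub-lines]) blocks."""
    sections: List[Tuple[str, List[str]]] = []
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue  # blank lines and '!' separators carry no configuration
        if line.startswith(" "):
            if sections:
                sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def webvpn_exposure(config: str) -> Dict[str, dict]:
    """Return {nameif: interface details} for every interface on which the
    webvpn feature is enabled ('enable <nameif>' inside the 'webvpn' block)."""
    interfaces: Dict[str, dict] = {}
    enabled: List[str] = []
    for header, body in parse_sections(config):
        if header.startswith("interface "):
            info = {"physical": header.split(" ", 1)[1]}
            for item in body:
                key, _, value = item.partition(" ")
                if key in ("nameif", "security-level", "ip"):
                    info[key] = value
            if "nameif" in info:
                interfaces[info["nameif"]] = info
        elif header == "webvpn":
            enabled += [b.split()[1] for b in body if re.fullmatch(r"enable \S+", b)]
    return {name: interfaces.get(name, {}) for name in enabled}


if __name__ == "__main__":
    for nameif, details in webvpn_exposure(SAMPLE_CONFIG).items():
        print(f"webvpn enabled on {nameif}: {details}")
```

Run it against `show running-config` output collected from each ASA to build the inventory of devices that need the patch first.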
Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker/Pentester, Malware Researcher and Security Evangelist. He is also a founding member of CSIRT.UBI and Editor-in-Chief of the computer security blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a freelance writer (Infosec Resources Institute and Cyber Defense Magazine) and the developer of 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.