For the second time CISCO issues security patch to fix a critical vulnerability in CISCO ASA
Your Feed is from https://www.safeharboroncyber.com/Blog/
CyberWisdom Safe Harbor Commentary on Cisco ASA Vulnerability
The securityaffairs.co finds out how Cisco has tracked new security patches for a serious vulnerability (CVE-2018-0101) in its CISCO ASA (Adaptive Security Appliance) software.
The company released the same security update as the Cisco ASA software at the end of January. An attacker who is remotely unauthenticated can exploit this vulnerability to execute arbitrary code or to trigger Denial of Service (DoS) situations that result in a system reload.
The vulnerability is located in the Secure Sockets Layer (SSL) VPN feature implemented by CISCO ASA software and was discovered by Cedric Halbronn, a researcher at the NCC Group. This vulnerability earned a General Vulnerability Score of 10.0 system score.
According to CISCO, when the “webvpn” feature is enabled on the device, it is about trying to free memory. An attacker could exploit this vulnerability by sending specially crafted XML packets to the webvpn-configured interface.
Further investigation into this vulnerability revealed more attack vectors and for that reason, the company released a new update. Researchers also found denial of service issues affecting the Cisco ASA platform.
A blog post from Cisco Systems wrote: “After the survey was expanded, Cisco engineers discovered additional attack vectors and features that were affected by the vulnerability and were not initially identified by the NCC Group and subsequently updated for security Suggest.
Experts have noticed that this vulnerability is related to the XML parser in CISCO ASA software, and an attacker can trigger this vulnerability by sending a specially crafted XML file to a vulnerable interface.
CISCO ASA attack
The list of affected Cisco ASA products includes:
3000 Series Industrial Safety Equipment (ISA)
ASA 5500 Series Adaptive Safety Equipment
ASA 5500-X Series Next-Generation Firewall
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
ASA 1000V cloud firewall
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4110 Security Appliance
Firepower 9300 ASA Security Module
Firepower Threat Defense Software (FTD)
According to Cisco experts, there is currently no news about exploiting vulnerabilities, and it is important to apply security updates anyway.
Read more…
Cisco has rolled out new security patches for a critical vulnerability, tracked as CVE-2018-0101, in its CISCO ASA (Adaptive Security Appliance) software. At the end of January, the company released security updates the same flaw in Cisco ASA software. The vulnerability could be exploited by a remote and unauthenticated attacker to execute arbitrary code or trigger Engaging post, Read More…
thumbnail courtesy of securityaffairs.co
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post
The post For the second time CISCO issues security patch to fix a critical vulnerability in CISCO ASA appeared first on Safe Harbor on Cyber.
Powered by WPeMatico
convert this post to pdf.