Story image

Cisco ASA appliances at risk of denial of service exploit

13 Feb 2018

The Australian Cyber Security Centre (ACSC) has issued an official alert to those who use Cisco’s Adaptive Security Appliance (ASA), after a proof of concept showed that the devices are vulnerable to a denial of service attack.

The original vulnerability (CVE-2018-0101) was found at the end of January, however by February 7 Cisco had uncovered more potential attack vectors.

According to Cisco, a vulnerability in its ASA software could allow an unauthenticated and remote attacker to cause a system reload or to remotely execute code.

The ASA could also potentially stop processing VPN authentication requests due to low memory.

“To be vulnerable the ASA must have Secure Socket Layer (SSL) services or IKEv2 Remote Access VPN services enabled on an interface. The risk of the vulnerability being exploited also depends on the accessibility of the interface to the attacker,” Cisco says.

The cause is due to a memory allocation and freeing issue during malicious XML payload processing.

Cisco explains in more detail:

“An attacker could exploit this vulnerability by sending a crafted XML packet to a vulnerable interface on an affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, cause a reload of the affected device or stop processing of incoming VPN authentication requests.”

The ACSC adds that the publicised proof of concept code results in a denial of service condition – but that code will likely evolve into code that can achieve remote code execution.

Cisco has already identified 'attempted malicious use of the vulnerability' in the wild although it is unknown whether this refers to witnessing remote code execution or a denial of service condition,” the ACSC says in an alert.

The ACSC recommends that organisations with affected devices patch as soon as possible. Cisco adds that it has released software updates to address the vulnerability, but there are currently ‘no workarounds that address all the features that are affected by this vulnerability’.

Cisco ASA software running on the following products are all vulnerable:

- 3000 Series Industrial Security Appliance (ISA) - ASA 5500 Series Adaptive Security Appliances - ASA 5500-X Series Next-Generation Firewalls - ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers - ASA 1000V Cloud Firewall - Adaptive Security Virtual Appliance (ASAv) - Firepower 2100 Series Security Appliance - Firepower 4110 Security Appliance - Firepower 4120 Security Appliance - Firepower 4140 Security Appliance - Firepower 4150 Security Appliance - Firepower 9300 ASA Security Module - Firepower Threat Defense Software (FTD) - FTD Virtual

Five things MSPs need to keep in mind in 2019
A Datto APAC channel exec outlines the most important factors for MSP to being paying attention to in the coming year.
Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nozomi and RIoT to deliver advanced ICS security solutions to Australia
''As a specialised integrator of robust and resilient ICT and IoT solutions within Australia, we are delighted to be partnering with Nozomi Networks."
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.