Escolha uma Página

[Overview]

Cisco Adaptive Security Appliance (ASA) software is the core operating system of the Cisco ASA Series. It provides enterprise-class firewall functionality for physical or virtual ASA devices in distributed network environments. The XML parser vulnerability of VPN feature in this software allows unauthenticated remote attackers to reload system or remotely execute code.

[Vulnerability Details]

CVE-2018-0101: This vulnerability is caused by the fact that XML packets cannot be processed properly on the interface configured with the Web VPN module. An attacker can send a maliciously designed XML packet to a vulnerable interface on an affected system to exploit the vulnerability. If the vulnerability is exploited, the attacker can execute arbitrary code and gain complete control over the system, causing the reload of the affected device, or the stop of processing new VPN authentication requests, which in turn results in denial of service.

Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0101

[Severity]

Critical

[Affected Version]

  • Cisco Systems Adaptive Security Appliance (ASA) 8.x
  • Cisco Systems Adaptive Security Appliance (ASA) 9.0
  • Cisco Systems Adaptive Security Appliance (ASA) 9.1 prior to 9.1.7.23
  • Cisco Systems Adaptive Security Appliance (ASA) 9.2 prior to 9.2.4.27
  • Cisco Systems Adaptive Security Appliance (ASA) 9.3
  • Cisco Systems Adaptive Security Appliance (ASA) 9.4 prior to 9.4.4.16
  • Cisco Systems Adaptive Security Appliance (ASA) 9.5
  • Cisco Systems Adaptive Security Appliance (ASA) 9.6 prior to 9.6.4.3
  • Cisco Systems Adaptive Security Appliance (ASA) 9.7 prior to 9.7.1.21
  • Cisco Systems Adaptive Security Appliance (ASA) 9.8 prior to 9.8.2.20
  • Cisco Systems Adaptive Security Appliance (ASA) 9.9 prior to 9.9.1.2

[Proposal]


Update to the latest Cisco release

Cisco’s official statement: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

[Hillstone Networks Solution]

Hillstone Networks has added signatures to the IPS signature database version 2.1.228. By deploying any Hillstone Networks solution with the IPS function, the Cisco Adaptive Security Appliance Webvpn XML Parser Double Free vulnerability can be quickly detected and effectively intercepted. This prevents internal systems from being controlled or rebooted, and keeps the integrity of the network and devices intact.


Threat Events Detected by Hillstone Solutions


Vulnerability Detail Description

Hillstone Adds Botnet C&C Prevention to StoneOS

Vulnerability Notification: Microsoft Windows Shell Zip File Remote Code Execution

Announcing Enhancements to Hillstone Networks CloudView

Announcing the Hillstone Server Breach Detection System 2.1

Vulnerability Notification: Adobe ColdFusion Deserialization

Vulnerability Notification: Oracle WebLogic Server XmlAdapter Deserialization

Statement on Vulnerability: Hillstone Networks does not use Intel Processors in its NGFW

Hillstone Responds to Bad Rabbit Ransomware

Protections of NEW Variant of Petya Ransomware Using Hillstone Network’s Layered Security Solution