
[Overview]

Cisco Adaptive Security Appliance (ASA) Software is the core operating system of the Cisco ASA Series. It provides enterprise-class firewall functionality for physical and virtual ASA devices in distributed network environments. An XML parser vulnerability in the WebVPN (SSL VPN) feature of this software allows an unauthenticated remote attacker to reload the device or execute code on it.

[Vulnerability Details]

CVE-2018-0101: The vulnerability is a double free in the XML parser used by the webvpn feature: crafted XML is not handled safely on an interface on which webvpn is enabled. An attacker can exploit it by sending a maliciously crafted XML packet to such an interface on an affected system. A successful exploit can allow the attacker to execute arbitrary code and gain full control of the system, or cause the affected device to reload or to stop processing new incoming VPN authentication requests, resulting in a denial of service. No credentials or user interaction are required; the only precondition is a reachable interface with webvpn enabled.

Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0101

[Severity]

Critical (CVSS v3 base score 10.0)

[Affected Version]

  • Cisco Systems Adaptive Security Appliance (ASA) 8.x
  • Cisco Systems Adaptive Security Appliance (ASA) 9.0
  • Cisco Systems Adaptive Security Appliance (ASA) 9.1 prior to 9.1.7.23
  • Cisco Systems Adaptive Security Appliance (ASA) 9.2 prior to 9.2.4.27
  • Cisco Systems Adaptive Security Appliance (ASA) 9.3
  • Cisco Systems Adaptive Security Appliance (ASA) 9.4 prior to 9.4.4.16
  • Cisco Systems Adaptive Security Appliance (ASA) 9.5
  • Cisco Systems Adaptive Security Appliance (ASA) 9.6 prior to 9.6.4.3
  • Cisco Systems Adaptive Security Appliance (ASA) 9.7 prior to 9.7.1.21
  • Cisco Systems Adaptive Security Appliance (ASA) 9.8 prior to 9.8.2.20
  • Cisco Systems Adaptive Security Appliance (ASA) 9.9 prior to 9.9.1.2
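As an added example (written for this page, not Hillstone or Cisco tooling), the script below turns the version list above into an offline exposure check: it parses the release string ASA prints in show version (the 9.8(2)12 form or the dotted form), compares it with the first fixed release of its train, and reports whether webvpn is enabled on any interface by reading the enable lines in the webvpn block of show running-config webvpn. The sample version string and webvpn configuration block are constructed for illustration.

```python
"""Offline exposure check for CVE-2018-0101 based on the affected-version
list on this page.  Example code added by the editor, not Hillstone or Cisco
tooling.  Assumptions: the ASA reports its release as "9.8(2)12" (show
version), and "show running-config webvpn" lists enabled interfaces as
"enable <ifname>" lines indented under "webvpn".
"""
import re
from typing import List, Tuple

Version = Tuple[int, int, int, int]

# (major, minor) train -> first fixed release from the [Affected Version]
# list above.  None means the page lists the whole train as affected with
# no fixed release; 8.x is handled by major version in version_status().
FIRST_FIXED = {
    (9, 0): None,
    (9, 1): (9, 1, 7, 23),
    (9, 2): (9, 2, 4, 27),
    (9, 3): None,
    (9, 4): (9, 4, 4, 16),
    (9, 5): None,
    (9, 6): (9, 6, 4, 3),
    (9, 7): (9, 7, 1, 21),
    (9, 8): (9, 8, 2, 20),
    (9, 9): (9, 9, 1, 2),
}

# Matches "9.8(2)12", "9.8(2)", "9.8.2.12", "9.8.2" and "9.8".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\((\d+)\)(\d*)|\.(\d+)(?:\.(\d+))?)?")


def parse_asa_version(text: str) -> Version:
    """Extract the first ASA release number in text as (major, minor, maint, interim)."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no ASA version found in {text!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    maint = m.group(3) or m.group(5) or "0"
    interim = m.group(4) or m.group(6) or "0"
    return (major, minor, int(maint), int(interim))


def version_status(text: str) -> str:
    """'vulnerable', 'fixed' or 'not listed', per the version list on this page."""
    v = parse_asa_version(text)
    if v[0] == 8:
        return "vulnerable"          # every 8.x release is listed as affected
    train = (v[0], v[1])
    if train not in FIRST_FIXED:
        return "not listed"          # e.g. 9.10 and later are not on this page
    fixed = FIRST_FIXED[train]
    if fixed is None or v < fixed:   # tuple comparison == numeric release order
        return "vulnerable"
    return "fixed"


def webvpn_interfaces(running_config: str) -> List[str]:
    """Interfaces on which webvpn is enabled, read from the 'webvpn' block."""
    enabled, in_block = [], False
    for line in running_config.splitlines():
        if line.strip() == "webvpn":
            in_block = True
            continue
        if in_block and not line.startswith(" "):
            in_block = False          # left the indented webvpn block
        if in_block:
            m = re.match(r"\s+enable\s+(\S+)\s*$", line)
            if m:
                enabled.append(m.group(1))
    return enabled


def assess(show_version_text: str, webvpn_config: str) -> dict:
    """Exposed = vulnerable release AND webvpn enabled on at least one interface."""
    status = version_status(show_version_text)
    ifaces = webvpn_interfaces(webvpn_config)
    return {
        "version": parse_asa_version(show_version_text),
        "version_status": status,
        "webvpn_interfaces": ifaces,
        "exposed": status == "vulnerable" and bool(ifaces),
    }


# Constructed sample input (not captured from a real device).
SAMPLE_SHOW_VERSION = "Cisco Adaptive Security Appliance Software Version 9.8(2)12"
SAMPLE_WEBVPN = (
    "webvpn\n"
    " enable outside\n"
    " anyconnect enable\n"
    " tunnel-group-list enable\n"
)

if __name__ == "__main__":
    print(assess(SAMPLE_SHOW_VERSION, SAMPLE_WEBVPN))
```

A device on a listed train whose release is below the train's first fixed release is reported as vulnerable regardless of configuration; exposed is only set when webvpn is also enabled on an interface, which is the condition under which the XML parser is reachable.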

[Proposal]

Upgrade to the first fixed release of the running train or later (see the affected versions above). For trains listed without a fixed release (8.x, 9.0, 9.3, 9.5), migrate to a supported train. Before and after upgrading, confirm the running release with show version, and check whether webvpn is enabled on any interface with show running-config webvpn (an "enable <interface>" line under webvpn); only devices with webvpn enabled on a reachable interface expose the vulnerable parser.

Cisco's official advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

[Hillstone Networks Solution]

Hillstone Networks has added signatures for this vulnerability to IPS signature database version 2.1.228. Any Hillstone Networks product with the IPS function enabled and this signature database version or later can detect and block attempts to exploit the Cisco Adaptive Security Appliance WebVPN XML parser double-free vulnerability, preventing internal devices from being controlled or rebooted. The signature is a compensating control in front of unpatched ASA devices; it does not replace the upgrade recommended above.
