Cisco Confirms Critical Firewall Software Bug Is Under Attack

Attackers are trying to exploit a critical vulnerability in Cisco’s Adaptive Security Appliance firewall software, the company has confirmed.

Cisco has updated its advisory for the vulnerability, which was first revealed on Jan. 29 and has been logged as CVE-2018-0101, on Feb. 7.  “The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory,” the update states. “Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory.”

The vulnerability received a Common Vulnerability Scoring System base score of 10.0, the highest possible. It was first discovered by Cedric Halbronn, a researcher with NCC Group.

A successful attacker would be able to view all data moving through the system, along with giving them admin privileges and remote access to the network, according to NCC. Meanwhile, “targeting the vulnerability without a specially-crafted exploit would cause the firewall to crash and would potentially disrupt the connectivity to the network,” the company said.

The vulnerability could be up to seven years old, according to a detailed presentation [PDF] Halbronn gave this week at the REcon conference in Brussels.

Users posted proof-of-concept code to Pastebin, with the title “Cisco ASA CVE-2018-0101 Crash PoC.” It wasn’t immediately clear whether the attacks referenced by Cisco employed the code.

Cisco issued a patch for the vulnerability, but days later updated it after finding additional attack vectors and features that are impacted by it.

The vulnerability is associated with ASA’s XML parser. Attackers can exploit it by pushing a malicious XML file through, allowing them to “execute arbitrary code and obtain full control of the system, cause a reload of the affected device or stop processing of incoming VPN authentication requests,” according to Cisco’s security advisory.

Affected products include the 3000 Series Industrial Security Appliance, ASA 5500 Series Adaptive Security Appliances ASA 5500-X Series Next-Generation Firewalls, Adaptive Security Virtual Appliance, a range of Firepower Security appliances and Firepower Threat Defense Software.

Source: ThreatPost

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!