On Monday, January 29th, 2018, Cisco announced a critical vulnerability affecting the SSL WebVPN (webvpn) feature on a wide range of its products.
The vulnerability allows an unauthenticated, remote attacker to execute arbitrary code on affected devices or force them to reload. It carries a Common Vulnerability Scoring System (CVSS) base score of 10.0, the highest possible rating on that scale. This is not a threat to be taken lightly.
Only devices with the SSL WebVPN feature enabled are affected. Cisco updates its advisories as analysis continues, so confirm the current list of affected features and fixed releases against the advisory itself before concluding that a device is not exposed.
This vulnerability was found by a security researcher and reported directly to Cisco. At the time of writing there are no known malicious uses of it; we are alerting our clients now so that affected devices can be patched before exploitation begins.
According to Cisco, “The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device.”
Cisco lists the following products as affected:
- 3000 Series Industrial Security Appliance (ISA)
- ASA 5500 Series Adaptive Security Appliances
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- ASA 1000V Cloud Firewall
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4110 Security Appliance
- Firepower 9300 ASA Security Module
- Firepower Threat Defense Software (FTD)
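Before scheduling upgrades it helps to confirm which devices are actually exposed. The following Python script is an added example, not code from Cisco or SymQuest: it reads a saved `show running-config` from an ASA and reports whether the SSL WebVPN listener is enabled on any interface, along with the running software version to compare against the fixed releases in Cisco's advisory. The two configurations are constructed for illustration (hostnames, interface names and addresses are assumptions). The script deliberately distinguishes the column-0 `webvpn` block, which enables the listener, from the indented `webvpn` sub-modes under group-policy or tunnel-group attributes, which a simple grep for "webvpn" would wrongly flag.

```python
import re
from typing import List, Optional

# Constructed sample of an ASA running-config, not taken from any real device.
# The column-0 "webvpn" block enables the SSL VPN listener on "outside".
# The indented "webvpn" under the group-policy is attribute-level config
# and does not by itself open a listener, so it must not be counted.
SAMPLE_EXPOSED = """\
: Saved
ASA Version 9.8(2)
!
hostname asa-edge-01
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 192.0.2.10 255.255.255.0
!
group-policy GP-REMOTE internal
group-policy GP-REMOTE attributes
 webvpn
  anyconnect keep-installer installed
webvpn
 enable outside
 anyconnect image disk0:/anyconnect.pkg 1
 anyconnect enable
 tunnel-group-list enable
!
"""

# Constructed sample of the same device with the top-level webvpn block
# removed. The attribute-level "webvpn" under the group-policy remains, so a
# naive search for the word "webvpn" would still flag this device.
SAMPLE_NOT_EXPOSED = """\
: Saved
ASA Version 9.8(2)
!
hostname asa-edge-02
group-policy GP-REMOTE internal
group-policy GP-REMOTE attributes
 webvpn
  anyconnect keep-installer installed
!
"""


def asa_version(config: str) -> Optional[str]:
    """Return the 'ASA Version x.y(z)' string, to be compared with the fixed
    releases listed in Cisco's advisory, or None if the line is absent."""
    m = re.search(r"^ASA Version (\S+)", config, re.MULTILINE)
    return m.group(1) if m else None


def webvpn_enabled_interfaces(config: str) -> List[str]:
    """Return the interface names (nameif) on which the top-level 'webvpn'
    block contains 'enable <interface>'. Only a column-0 'webvpn' line opens
    the block and any other column-0 line closes it, so the indented 'webvpn'
    sub-modes under group-policy or tunnel-group attributes are ignored."""
    enabled: List[str] = []
    in_webvpn = False
    for line in config.splitlines():
        if not line.startswith((" ", "\t")):
            # A column-0 line starts a new top-level section.
            in_webvpn = line.strip() == "webvpn"
            continue
        if in_webvpn:
            m = re.match(r"\s+enable\s+(\S+)\s*$", line)
            if m:
                enabled.append(m.group(1))
    return enabled


def assess(config: str) -> dict:
    """Summarise exposure: the device is in scope of the advisory when the
    SSL WebVPN listener is enabled on at least one interface. Whether the
    running version is already fixed must still be checked against the
    advisory's table; no version list is embedded here on purpose."""
    ifaces = webvpn_enabled_interfaces(config)
    return {
        "version": asa_version(config),
        "webvpn_interfaces": ifaces,
        "exposed": bool(ifaces),
    }


if __name__ == "__main__":
    for name, cfg in (("asa-edge-01", SAMPLE_EXPOSED),
                      ("asa-edge-02", SAMPLE_NOT_EXPOSED)):
        print(name, assess(cfg))
```

To use it against real devices, save the output of `show running-config` from each ASA to a file and pass its contents to `assess()`; any device that reports `exposed: True` and runs a version older than the fixed release for its train should be scheduled for upgrade first.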
If you have SymQuest's SafetyNet Services:
SymQuest clients should have an active SMARTnet agreement on all production hardware, but if the agreement has lapsed, Cisco will still provide the patched software for this vulnerability.
SymQuest will be working proactively to immediately schedule upgrades for all affected SafetyNet clients. If you are an Enterprise or Ultimate client, this work will be performed at no charge. If you have any questions, please reach out to your Technical Account Manager (TAM) or your Account Executive.
If you do not have SymQuest's SafetyNet Services:
Organizations that are not covered under our SafetyNet programs can obtain the Cisco patch immediately by contacting Cisco's Technical Assistance Center (TAC) at 1-800-553-2447.
We also recommend designing Disaster Recovery (DR) and strategic IT plans to mitigate future risks and to ensure that, if one safeguard fails, others are still in place to protect you, your systems, and your information. SymQuest's comprehensive security assessment can highlight the areas of your network that need remediation.
For more information regarding this vulnerability please visit https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1.
To stay up to date on the latest news about network security and vulnerabilities subscribe to Tech Talk today.