What You Should Know About the Cisco WebVPN Vulnerability

Posted by Kevin Davis - February 02, 2018 - Important Information


On Monday, January 29th, Cisco announced a high-urgency vulnerability impacting SSL WebVPN services on a wide range of products.

This vulnerability allows an unauthenticated attacker to remotely execute commands on affected devices. It carries a Common Vulnerability Scoring System (CVSS) score of 10, the highest possible rating on this scale. This is not a threat to be taken lightly.

This vulnerability only impacts businesses with the SSL WebVPN feature enabled.    

It is important to understand this threat was identified by a researcher and reported directly to Cisco.  There are currently no known malicious uses of the vulnerability described in this advisory; however, we're alerting our clients to prevent any future malicious behavior.  

According to Cisco, “The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device.”
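The following is an added example, not part of the original post or Cisco's advisory: a Python check that scans saved ASA running-configs and lists the interfaces on which WebVPN is enabled, so exposed devices can be scheduled for patching first. It assumes the usual ASA syntax of a top-level `webvpn` block containing `enable <interface>` lines; the device names and configuration text are constructed samples.

```python
import re

# Constructed sample running-configs (illustrative, not from the original post).
CONFIGS = {
    "edge-asa-01": """\
hostname edge-asa-01
interface GigabitEthernet0/0
 nameif outside
!
webvpn
 enable outside
 anyconnect enable
!
""",
    "lab-asa-02": """\
hostname lab-asa-02
interface GigabitEthernet0/0
 nameif outside
!
group-policy Staff attributes
 webvpn
  anyconnect ask none default anyconnect
!
""",
}

def webvpn_interfaces(config_text):
    """Return interface names enabled inside the top-level `webvpn` block."""
    enabled, in_webvpn = [], False
    for line in config_text.splitlines():
        if line and not line[0].isspace():
            # An unindented line opens a new block; only a bare `webvpn` counts,
            # so the nested `webvpn` under a group-policy is ignored.
            in_webvpn = line.strip() == "webvpn"
        elif in_webvpn:
            m = re.match(r"\s+enable\s+(\S+)\s*$", line)
            if m:
                enabled.append(m.group(1))
    return enabled

def audit(configs):
    """Map device name -> interfaces serving WebVPN; unexposed devices omitted."""
    found = {name: webvpn_interfaces(text) for name, text in configs.items()}
    return {name: ifs for name, ifs in found.items() if ifs}

if __name__ == "__main__":
    for device, interfaces in audit(CONFIGS).items():
        print(f"{device}: WebVPN enabled on {', '.join(interfaces)} - patch first")
```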

Affected Products

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)

NEXT STEPS

If you have SymQuest's SafetyNet Services:

SymQuest clients should have an active SMARTnet agreement on any production hardware, but in the event it has lapsed, Cisco will provide patches.

SymQuest will be working proactively to immediately schedule upgrades for all affected SafetyNet clients.  If you are an Enterprise or Ultimate client, this work will be performed at no charge. If you have any questions, please reach out to your Technical Account Manager (TAM) or your Account Executive.

If you do not have SymQuest's SafetyNet Services:

Organizations that are not covered under our SafetyNet programs can download the Cisco patch immediately by contacting Cisco's Technical Assistance Center (TAC) at 1-800-553-2447.

We also recommend designing Disaster Recovery (DR) and strategic IT plans to mitigate future risks and to ensure that, if one safeguard fails, others will still be there to protect you, your systems, and your information. Click here to learn about SymQuest's comprehensive security assessment, which can highlight the areas of your network that need remediation.

For more information regarding this vulnerability please visit https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

To stay up to date on the latest news about network security and vulnerabilities subscribe to Tech Talk today.

About the Author

Kevin Davis

Kevin Davis is currently the Vice President of Service and Support for SymQuest, and is based in the South Burlington, VT and West Lebanon, NH office locations. Davis is responsible for the network and client support teams at SymQuest. Davis started with SymQuest in April of 2007 as an Incident Response Engineer. His love for customer service and technology quickly led him through various engineering positions where his passion for process improvement and motivating team members advanced him to management positions with increasing responsibilities leading to his present role as Vice President of Service and Support. Kevin holds many industry IT certifications and was a member of True Profits Group.
