Cisco Adaptive Security Appliance Vulnerability

Posted: 2 February 2018
Cisco ASA security alert

A security vulnerability has been identified in Cisco’s Adaptive Security Appliance (ASA) software and firewall devices that could allow unauthenticated attackers to reload the affected system or to execute arbitrary code remotely.

How does this affect my organisation?

If you operate Cisco ASA firewalls and have enabled the WebVPN interface you are susceptible to this vulnerability. Please note that WebVPN is not enabled by default in Cisco ASAs. The vulnerability originates from a flaw in the secure socket layer (SSL)-based virtual private networking (VPN) component of the ASA device, which is used for remote access. By sending data packets containing specially crafted XML files to ASA devices with the WebVPN interface, attackers can run any code they like and take full control of vulnerable systems.

Threat rating and recommendation

Based on information available at the time of this notice, we have classified this threat as Action required (urgent remediation action required) and recommend that you act as per Cisco’s advisory. Cisco classifies this vulnerability as Critical.

If you subscribe to AC3’s managed services offerings, a representative from AC3 will be in contact to determine the next steps. If you do not subscribe to AC3’s managed services but would like assistance or more information, please contact your relationship manager. Alternatively, you may upgrade impacted devices yourself by contacting Cisco Technical Assistance Centre. Please have the product serial number available and be prepared to provide the URL of the Cisco advisory as evidence of entitlement to a free upgrade.

More information

More information about this security vulnerability is available at the links below.

For more information, please contact Cisco support at 1800 805 227 or your AC3 relationship manager.