Vulnerability Notification: Cisco Adaptive Security Appliance Webvpn XML Parser Double Free

[Overview]

Cisco Adaptive Security Appliance (ASA) Software is the core operating system of the Cisco ASA series. It provides enterprise-class firewall functionality for physical and virtual ASA devices in distributed network environments. A vulnerability in the XML parser of the software's WebVPN feature allows an unauthenticated remote attacker to reload the system or execute code remotely.

[Vulnerability Details]

CVE-2018-0101: The vulnerability is caused by improper handling of XML packets on an interface configured with the WebVPN module. An attacker can exploit it by sending a specially crafted XML packet to a vulnerable interface on an affected system. Successful exploitation lets the attacker execute arbitrary code and gain complete control of the system, reload the affected device, or stop it from processing new VPN authentication requests, which results in a denial of service.

Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0101

[Severity]

Critical

[Affected Version]

  • Cisco Systems Adaptive Security Appliance (ASA) 8.x
  • Cisco Systems Adaptive Security Appliance (ASA) 9.0
  • Cisco Systems Adaptive Security Appliance (ASA) 9.1 prior to 9.1.7.23
  • Cisco Systems Adaptive Security Appliance (ASA) 9.2 prior to 9.2.4.27
  • Cisco Systems Adaptive Security Appliance (ASA) 9.3
  • Cisco Systems Adaptive Security Appliance (ASA) 9.4 prior to 9.4.4.16
  • Cisco Systems Adaptive Security Appliance (ASA) 9.5
  • Cisco Systems Adaptive Security Appliance (ASA) 9.6 prior to 9.6.4.3
  • Cisco Systems Adaptive Security Appliance (ASA) 9.7 prior to 9.7.1.21
  • Cisco Systems Adaptive Security Appliance (ASA) 9.8 prior to 9.8.2.20
  • Cisco Systems Adaptive Security Appliance (ASA) 9.9 prior to 9.9.1.2
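The affected-version list above is only useful if it can be applied to real devices, so here is an added inventory check (written for this page; it is not Hillstone's or Cisco's code). It encodes the trains and first fixed releases exactly as listed above (trains shown without a fixed release, and all of 8.x, are treated as affected throughout), parses both the dotted form used in the list and the `9.8(2)20` form that an ASA prints in its `show version` banner, and reads the `webvpn` block of a running config to see on which interfaces the vulnerable code path is reachable. The sample banner and config are constructed, not captured from a real device.

```python
import re

# Affected ASA trains as listed in this notification. Value = first fixed
# release of that train; None means the notification lists no fixed release
# for the train, so every release in it is treated as affected.
AFFECTED_TRAINS = {
    (9, 0): None,
    (9, 1): (9, 1, 7, 23),
    (9, 2): (9, 2, 4, 27),
    (9, 3): None,
    (9, 4): (9, 4, 4, 16),
    (9, 5): None,
    (9, 6): (9, 6, 4, 3),
    (9, 7): (9, 7, 1, 21),
    (9, 8): (9, 8, 2, 20),
    (9, 9): (9, 9, 1, 2),
}

# Accepts both the "9.8(2)20" form printed by `show version` and the dotted
# "9.8.2.20" form used in the affected-version list.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:[.(](\d+)\)?(?:\.?(\d+))?)?")


def parse_asa_version(text):
    """Return (major, minor, maintenance, interim) from a bare version string
    or a whole `show version` banner. Missing trailing components become 0."""
    # Prefer the "Software Version" line so that other version numbers in the
    # banner (e.g. the Device Manager version) are not picked up by mistake.
    m = re.search(r"Software Version\s+(\S+)", text)
    candidate = m.group(1) if m else text
    v = _VERSION_RE.search(candidate)
    if v is None:
        raise ValueError(f"no ASA version found in {text!r}")
    return tuple(int(g) if g else 0 for g in v.groups())


def fmt(version):
    return ".".join(str(n) for n in version)


def is_affected(version):
    """Classify a parsed version against AFFECTED_TRAINS.
    Returns (affected: bool, reason: str)."""
    major, minor = version[0], version[1]
    if major == 8:
        return True, "8.x is listed as affected with no fixed release"
    train = (major, minor)
    if train not in AFFECTED_TRAINS:
        return False, f"{major}.{minor} train is not listed in this notification"
    fixed = AFFECTED_TRAINS[train]
    if fixed is None:
        return True, f"{major}.{minor} train is listed with no fixed release"
    if version < fixed:  # tuple comparison: "prior to" the first fixed release
        return True, f"prior to first fixed release {fmt(fixed)}"
    return False, f"at or above first fixed release {fmt(fixed)}"


def webvpn_interfaces(config_text):
    """Interfaces on which WebVPN is enabled, taken from the top-level `webvpn`
    block of a running config (indented lines of the form 'enable <ifname>').
    The vulnerable XML parser is only reachable on these interfaces."""
    enabled, in_block = [], False
    for line in config_text.splitlines():
        if line and not line.startswith(" "):
            in_block = line.strip() == "webvpn"  # a new top-level command
            continue
        if in_block:
            m = re.match(r"\s+enable\s+(\S+)", line)
            if m:
                enabled.append(m.group(1))
    return enabled


def assess(show_version_text, config_text):
    """Combine both checks into one verdict for a device."""
    version = parse_asa_version(show_version_text)
    affected, reason = is_affected(version)
    ifaces = webvpn_interfaces(config_text)
    return {
        "version": fmt(version),
        "affected_release": affected,
        "reason": reason,
        "webvpn_interfaces": ifaces,
        "exposed": affected and bool(ifaces),
    }


if __name__ == "__main__":
    # Constructed sample input, not captured from a real device.
    SAMPLE_SHOW_VERSION = (
        "Cisco Adaptive Security Appliance Software Version 9.8(2)19\n"
        "Device Manager Version 7.8(2)\n"
    )
    SAMPLE_CONFIG = "hostname asa-edge\nwebvpn\n enable outside\n enable dmz\n"
    for key, value in assess(SAMPLE_SHOW_VERSION, SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

A release at exactly the first fixed version (for example 9.8.2.20) is reported as not affected, matching the "prior to" wording of the list; a release in a train that is not listed at all (such as 9.10 or later) is reported as "not listed" rather than as safe, so it should be checked against the Cisco advisory linked below.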

[Proposal]

Update to the latest Cisco release

Cisco’s official statement: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

[Hillstone Networks Solution]

Hillstone Networks has added signatures for this vulnerability to IPS signature database version 2.1.228. Any Hillstone Networks solution deployed with the IPS function can quickly detect and block exploitation attempts against the Cisco Adaptive Security Appliance WebVPN XML Parser Double Free vulnerability, preventing internal systems from being controlled or rebooted and keeping the network and its devices intact.
