—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability

Advisory ID: cisco-sa-20180129-asa1

Revision: 1.0

For Public Release: 2018 January 29 17:00 GMT

Last Updated: 2018 January 29 17:00 GMT

CVE ID(s): CVE-2018-0101

CVSS Score v(3): 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

+———————————————————————

Summary
=======
A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJab1WuXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcz+mMP/iKv1wMFuWv4MfM/CLEOBRrbslAI
AsiozNNDCJ2SF+UMRegaJ/zTPy3RB62kYVpQo6zYKYSRpiKWxz3BDzoES+7SN2bu
T18PN76qDs1Xn2BRj8Y8k8dP1xzc3s40AGnA0HO/5nzl8tXZ7t8mIPmAkuXHjtVP
PRsp+te17piS6rdMcwj1T4OdMZBvKcol/iGe+iN/bnmuo/qsyMFCCMV6oCVdbJr1
o/i1H6KTA2zidrPJfudsOkGke9MQx8kd76XE4dsgzkEHPdh0g5klEzXVsJT/1cKZ
0iXr7EhLdKHWvHmkVmBJ4n19GP80pTfbAVTLgjz3aklP/V58aFBG8N2e/twWDbFn
/thZKWUkIaukYYN3zh43N8RQ1kBN9yyeOdzERZFMThNqExLpeDby+WM8V/yZJSBb
rmHkpgpngZ2g0UE5rEmCH7MTpzvEJokk8WDbqBb8ipIjIKZJkG0/y1NG5YAE2jZq
g339IlqtU3JbwADXeWqIZdSw107P+OCH75MjOzEDh5KMNYXs1bIXIlnw4LI6zIdY
5Od8mCkBpARYeEbHo43cwRmsoRiNMKEVt7Q6VbiuU24pGHwGoXcLToek5mXlbVzB
qwQ/3vNDIXu0WANIclZ9RmJCTzJDmBZzwdih6jrEk3mmwkULfxPufmrULNmWxMQe
jDacO0CEpZZ42gmq
=f807
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com