—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability

Advisory ID: cisco-sa-20180418-asa1

Revision: 1.0

For Public Release: 2018 April 18 16:00 GMT

Last Updated: 2018 April 18 16:00 GMT

CVE ID(s): CVE-2018-0227

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

+———————————————————————

Summary

=======

A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps.

The vulnerability is due to incorrect verification of the SSL Client Certificate. An attacker could exploit this vulnerability by connecting to the ASA VPN without a proper private key and certificate pair. A successful exploit could allow the attacker to establish an SSL VPN connection to the ASA when the connection should have been rejected.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJa127yXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczmMUP+wQIX8dd+cY9nSFVJXRFSsekkhBX
6JNKDagvIlDSKyVunDmIrfU6f3A/imUNg3ZnFjVqCp6+UV6IotHPGSQ4/o7i/wlc
C6kwN19WKeOjJ5X81N7re6nEgFBYJXwyIdWL8uSfW1NvXz9XnTXe8FZ+/cFyT28z
fNN+GfvcHROTz5BlbUY/8Y7800DP/Ik3+cCwzhTBVx6Nn/MPMjgydZnD902yCAh7
fRK+28g699JpeXlcAqCsMADYEs9N7+rEc6lRnm/yOYoIqbaKrXawj8Kcj9LI9/ve
J1rDBnAU6pXWH3K3f94Sp/OopASMrn6ixYVz81CENzQSOOsQDonUBk6hWY09EjRV
Zwak6srNB1jA1i+OSmUgVGauuh4xIR2GyjaRjbuzv9oXWNQg1i/L//00C81kbQNr
RTH7A5vvG6db+UwWIQwTQYxqqooj9DeraeLAntBanLlvKpHU4AIQnQrhuQR8/uuE
w1t5+xkNvcQ3LM/ljD4U8xSuW6Wp1P/eZId4uFlH24bKa+WzxtWtQEF61oITK5H5
7Ef+SebY9chnuLLx7176EvvjF6TmCUmLnUgnH/ybvc9thonGuVZowNiQFkOBosd9
jK+DrCQu5PAxGklChQZSwcx69zQZiQmr7n2TexHlDn11FIHdosVf2uqaxpImfE64
6HO7RGlTyGLiv8o8
=xoOC
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com