Bird_banner_small4
Cisco Adaptive Security Appliance Webvpn XML Parser Double Free
TSL ID TSL20180129-07
CVE ID(s) CVE-2018-0101
Severity Critical
Description

A double free vulnerability has been reported in Cisco Adaptive Security Appliance. The vulnerability is due to improper handling of XML packets on interfaces configured with the webvpn module.

A remote, unauthenticated attacker could exploit the vulnerability by sending crafted XML packets to a target server. Successful exploitation could lead to arbitrary code execution.

The vendor, Cisco, has released the following advisory regarding this issue:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

Affected Products
  • Cisco Systems Adaptive Security Appliance (ASA) 8.x
  • Cisco Systems Adaptive Security Appliance (ASA) 9.0
  • Cisco Systems Adaptive Security Appliance (ASA) 9.1 prior to 9.1.7.23
  • Cisco Systems Adaptive Security Appliance (ASA) 9.2 prior to 9.2.4.27
  • Cisco Systems Adaptive Security Appliance (ASA) 9.3
  • Cisco Systems Adaptive Security Appliance (ASA) 9.4 prior to 9.4.4.16
  • Cisco Systems Adaptive Security Appliance (ASA) 9.5
  • Cisco Systems Adaptive Security Appliance (ASA) 9.6 prior to 9.6.4.3
  • Cisco Systems Adaptive Security Appliance (ASA) 9.7 prior to 9.7.1.21
  • Cisco Systems Adaptive Security Appliance (ASA) 9.8 prior to 9.8.2.20
  • Cisco Systems Adaptive Security Appliance (ASA) 9.9 prior to 9.9.1.2
CVSS Score Base 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is COMPLETE
  • Impact of this vulnerability on data integrity is COMPLETE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 7.8 (E:POC/RL:OF/RC:C):
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf
Related Threats