Red Flag Alert: Highest Severity Cisco ASA Firewall Vulnerability Currently Under Attack

Should you be worried? Given attacks are already in the wild, remediation is definitely a top priority for your network admin team.

This is what you need to know.

What is it?

Cisco has issued an update to its January 29 security advisory, which alerted customers to the highest-rated critical vulnerability in the Web VPN services of its Adaptive Security Appliance (ASA) firewall platform. The flaw has a CVSS severity score of 10 out of 10.

Following an unsuccessful initial software update (and an unknown patch issued some 2 months before the Jan 29 advisory), the firm has warned that the severe security bug CVE-2018-0101 is currently being exploited.

What is at risk?

The vulnerability is exposed when Web VPN services are activated. An attacker could potentially exploit it by sending multiple crafted XML packets to force a remote reload or execute code on the appliance.

The affected platforms include Cisco’s highly popular ASA5500/X platforms as well as its virtual ASA and some chassis-based firewall modules.

What should I do?

Ensure the latest critical patches have been deployed! Cisco has admitted the first patch was unsuccessful and has since identified additional attack vectors and features that are affected by this vulnerability. It has issued new fixed code versions in its latest patch, released February 7, so make sure this has been applied to your affected security appliances.

If you are using a cloud or managed service partner, we recommend you verify the patch levels on any Cisco ASA firewalls. We can confirm that this vulnerability does NOT apply to our Options Managed Platform or services but, as always, our team is keeping a watchful eye on Cisco for any developments.

John Gracey, VP Cybersecurity

 
