A critical vulnerability has been identified in the Secure Sockets Layer (SSL) VPN functionality of Cisco Adaptive Security Appliance (ASA) Software, potentially allowing unauthenticated remote attackers to execute code or crash affected devices. This vulnerability affects multiple Cisco ASA products and poses a severe threat to enterprise security if left unpatched.

Summary

The issue stems from a memory-handling error in which a region of memory can be freed twice (a double free) when the webvpn feature is enabled. An attacker who sends specially crafted XML packets to an interface with webvpn enabled can crash the system or execute arbitrary code, potentially gaining full control of the device.
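The exposure condition above is a webvpn listener enabled on a reachable interface. The following Python script is an added example (not code from the page or from Cisco) that parses an ASA running-config excerpt for the top-level `webvpn` block and its `enable <nameif>` lines, then cross-references each enabled interface with its `security-level` so an operator can see which devices expose the SSL VPN service on an untrusted edge. The sample configuration is constructed for illustration, and treating `security-level 0` as the untrusted side is a convention assumed here, not something the advisory states.

```python
import re
from typing import Dict, List

# Constructed sample of an ASA running-config excerpt (not from the page).
SAMPLE_CONFIG = """\
hostname asa-edge-01
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
!
group-policy DfltGrpPolicy attributes
 webvpn
  anyconnect keep-installer installed
!
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win.pkg 1
 anyconnect enable
"""


def parse_interfaces(config: str) -> Dict[str, int]:
    """Map each interface nameif to its configured security-level."""
    interfaces: Dict[str, int] = {}
    current = None  # attributes of the interface block being read
    for raw in config.splitlines():
        if not raw.startswith(" "):
            # a non-indented line starts a new top-level section
            current = {} if raw.startswith("interface ") else None
            continue
        if current is None:
            continue
        parts = raw.split()
        if parts[0] == "nameif":
            current["nameif"] = parts[1]
        elif parts[0] == "security-level":
            current["level"] = int(parts[1])
        if "nameif" in current and "level" in current:
            interfaces[current["nameif"]] = current["level"]
    return interfaces


def parse_webvpn_block(config: str) -> List[str]:
    """Return the interface names on which the SSL VPN listener is enabled.

    Only the top-level 'webvpn' block counts; an indented 'webvpn' line
    inside a group-policy block configures client attributes, not a listener.
    """
    enabled: List[str] = []
    in_block = False
    for raw in config.splitlines():
        if not raw.startswith(" "):
            in_block = raw.strip() == "webvpn"
            continue
        if in_block:
            m = re.match(r"\s+enable\s+(\S+)", raw)
            if m:
                enabled.append(m.group(1))
    return enabled


def assess_exposure(config: str) -> Dict[str, object]:
    """Summarise whether webvpn is enabled and on which untrusted interfaces.

    Assumption: security-level 0 marks the untrusted (outside) side.
    """
    levels = parse_interfaces(config)
    enabled = parse_webvpn_block(config)
    untrusted = [name for name in enabled if levels.get(name, 0) == 0]
    return {
        "webvpn_enabled": bool(enabled),
        "enabled_interfaces": enabled,
        "untrusted_interfaces": untrusted,
    }


if __name__ == "__main__":
    print(assess_exposure(SAMPLE_CONFIG))
```

Feed the script the output of `show running-config` from each appliance; any entry under `untrusted_interfaces` identifies a device whose webvpn listener faces the internet and should be at the front of the patch queue.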

Affected Products

This vulnerability impacts Cisco ASA Software running on the following:

  • Cisco 3000 Series Industrial Security Appliance (ISA)

  • ASA 5500 / ASA 5500-X Series Firewalls

  • ASA Services Module for Cisco Catalyst 6500 / Cisco 7600 Series

  • ASA 1000V Cloud Firewall

  • Adaptive Security Virtual Appliance (ASAv)

  • Firepower 2100, 4110, 9300 ASA Security Module

  • Firepower Threat Defense Software (FTD)

Resolution

There are no known workarounds at this time. Cisco has released software patches that fully address the vulnerability. Customers should prioritize patching immediately.

Patches are available here

For organizations without the internal resources to patch or validate remediation across environments, PTP’s managed security services can help you act fast and mitigate risk.
