× Welcome to SGCyberSecurity forum!

Feel free to discuss any topics relating to cybersecurity with the rest of the security community in this forum.

Topic-icon Cisco VPN ASA Bug

6 years 8 months ago #3837 by Icemanssl22

Cisco has warned customers using its Adaptive Security Appliance (ASA) software to patch a dangerous VPN bug that a researcher will be revealing how to exploit this weekend.

Cisco's ASA operating system for its network security devices has a severe double-free vulnerability in the Secure Sockets Layer VPN feature that it warns "could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code".

A successful attack using multiple, specially crafted XML packets would allow an attacker to take "full control of the system", according to Cisco's advisory.

Due to the ease of exploitation and the impact, the bug -- CVE-2018-010 -- has been given a Common Vulnerability Score System (CVSS) score of 10 out of a possible 10.

Please Log in or Create an account to join the conversation.

6 years 8 months ago #3838 by 1do1do

is there a fix for this?

Please Log in or Create an account to join the conversation.

6 years 8 months ago #3839 by Icemanssl22

Yes. Available from Cisco download.

or

You can disable webadmin till you are able/ready to apply the patch.

Please Log in or Create an account to join the conversation.

6 years 8 months ago #3840 by 1do1do

If I run a Nessus scan, would i be able to pick up this vulnerability?

Please Log in or Create an account to join the conversation.

6 years 8 months ago #3841 by Icemanssl22

Not sure.

Researcher will be revealing and share how to exploit this weekend.

Believe they are using XML scripts to take full control over the system.

Please Log in or Create an account to join the conversation.

6 years 8 months ago #3842 by ronnie101

IS a definitely a serious bug. :(

searchsecurity.techtarget.com/news/25243...ainst-remote-attacks

Please Log in or Create an account to join the conversation.