Security advisories

Cisco ASA Remote Code Execution Vulnerability

February 26, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

On January 29th Cisco publicly disclosed a vulnerability in the Cisco Adaptive Security Appliance (ASA) that has been labeled as CVE-2018-0101 [1]. The ASA vulnerability may allow for Remote Code Execution and Denial of Service (DoS). Initial reports state that there are approximately 200,000 active vulnerable devices exposed to the internet. There is no workaround option for this vulnerability so patching is required to remain secure.

On Friday, February 2nd the researchers who discovered the vulnerability are hosting a public talk to review their discovery and the technical details involved [2]. The public disclosure of technical details may increase the risk of weaponization.

What we’re doing about it

What you should do about it

Additional information

The vulnerability occurs due to an attempt to double free memory on Cisco ASA devices when the webpvn feature is active. Attackers can send a specially crafted XML packet to an affected device and execute malicious code. For additional technical details see the Cisco Vulnerability release [3].

Affected Devices:

[1] https://nvd.nist.gov/vuln/detail/CVE-2018-0101

[2] https://twitter.com/NCCGroupInfosec/status/958045910625325056

[3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

View Most Recent Advisories