31 janvier 2018
Une faille critique de sécurité a été publiée le 29/01 affectant des versions des produits VPN SSL de Cisco (ISA – ASA – Firepower – FTD)
Update le 17/02 : Nouveaux fix à consulter en fin d’article.
La vulnérabilité est qualifiée de critique, car elle entraîne un Déni de Service sur les concentrateurs SSL et peut dans certains cas permettre l’exécution de code à distance.
Si vous êtes concernés par ces produits et versions, merci de contacter le support Nomios qui vous aidera à choisir les bonnes versions Cisco ASA adaptées à votre environnement.
Vulnerable Products
This vulnerability affects Cisco ASA Software that is running on the following Cisco products:
- 3000 Series Industrial Security Appliance (ISA)
- ASA 5500 Series Adaptive Security Appliances
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- ASA 1000V Cloud Firewall
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4110 Security Appliance
- Firepower 9300 ASA Security Module
- Firepower Threat Defense Software (FTD)
Fixed Releases
| Cisco ASA Major Release | First Fixed Release |
|---|---|
| 8.x1 | Affected; migrate to 9.1.7.20 or later |
| 9.01 | Affected; migrate to 9.1.7.20 or later |
| 9.1 | 9.1.7.20 |
| 9.2 | 9.2.4.25 |
| 9.31 | Affected; migrate to 9.4.4.14 or later |
| 9.4 | 9.4.4.14 |
| 9.51 | Affected; migrate to 9.6.3.20 or later |
| 9.6 | 9.6.3.20 |
| 9.7 | 9.7.1.16 |
| 9.8 | 9.8.2.14 |
| 9.9 | 9.9.1.2 |
1ASA Software releases prior to 9.1, including all 8.x releases, and ASA releases 9.3 and 9.5 have reached End of Software Maintenance. Customers should migrate to a supported release.
Source : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
===== UPDATE =========
Attention, les patchs n’étaient pas complets, il est nécessaire de consulter la mise à jour suivante pour patcher vos équipements.
| Title: | Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability |
| Impact: | Critical |
| Description: | Update from February 5, 2018: After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it was also found that the original fix was incomplete so new fixed code versions are now available. Please see the Fixed Software section for more information.
A vulnerability in the XML parser of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. It was also possible that the ASA could stop processing incoming Virtual Private Network (VPN) authentication requests due to a low memory condition. |
| Date: | 16-FEB-2018 |
Le support Nomios est disponible pour vous aider sur ce sujet critique.