Cisco Adaptive Security Appliance Remote Code Execution And Denial Of Service Vulnerability

An attacker could exploit this vulnerability by invoking certain invalid commands in an affected device.

Cisco adaptive security appliance remote code execution and denial of service vulnerability.

No workarounds available. It is also possible on certain software releases that the asa will not reload but an attacker could view sensitive system information without authentication by. 2018 may 17 17 52 gmt. A vulnerability in the web interface of the cisco adaptive security appliance asa could allow an unauthenticated remote attacker to cause an affected device to reload unexpectedly resulting in a denial of service dos condition.

This vulnerability occurs when the webvpn feature is enabled on an affected cisco asa device and an attempt to double free a region of memory occurs. A vulnerability in the command line interface cli parser of cisco adaptive security appliance asa software could allow an authenticated local attacker to create a denial of service dos condition or potentially execute arbitrary code. Known affected releases. 9 2 4 9 6 2 9 8 1 description partial.

Cisco has released software updates that address. 2018 january 29 17 00 gmt. Products 1 cisco asa 5500 x series firewalls.