CVE-2018-0101

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software versions prior to the fixed version

Description A vulnerability in the Secure Sockets Layer (SSL) VPN functionality could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The issue is due to an attempt to double free a region of memory when the webvpn feature is enabled. An attacker could exploit this by sending multiple, crafted XML packets to a webvpn-configured interface. This could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device.

Recommendations For Cisco ASA Software, update to a fixed version to resolve the issue. As a temporary workaround, consider disabling the webvpn feature until a patch is available. Restrict access to webvpn-configured interfaces to minimize the risk of exploitation. Avoid using crafted XML packets in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability, however, it is recommended to check the Fixed Software section for more information.