Nowcomm Customer Advisory Alert: Cisco ASA Remote Code Execution and Denial of Service
Nowcomm Customer Advisory Number: NCA30012018:1415
Nowcomm is monitoring a Cisco Security Advisory that has been issued for some Cisco ASA, Cisco Firepower Security Appliances and for Cisco Firepower Threat Defence software. Please read this post for more information should you be potentially affected.
As of the date and time of posting this Nowcomm Customer Advisory:
Note: Advisory posted from Cisco includes statement a remote attacker could “obtain full control of the system by executing arbitrary code”
A critical security advisory notice has been announced by Cisco regarding a vulnerability in the XML Parser of Cisco Adaptive Security Appliance software. Devices with the vulnerability could allow a remote attacker to stop the processing of incoming VPN authentication requests, reload the affected device or even obtain full control of the system by executing arbitrary code.
To be vulnerable Cisco state the ASA must have Secure Socket Layer (SSL) services or IKEv2 Remote Access VPN services enabled on an interface.
This vulnerability affects Cisco ASA Software that is running on the following Cisco products:
3000 Series Industrial Security Appliance (ISA)
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
ASA 1000V Cloud Firewall
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4110 Security Appliance
Firepower 4120 Security Appliance
Firepower 4140 Security Appliance
Firepower 4150 Security Appliance
Firepower 9300 ASA Security Module
Firepower Threat Defense Software (FTD)
FTD Virtual (FTDv)
The full Cisco Security Advisory relating to this issue can be found here: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Organisations that are concerned or potentially affected by this Cisco announcement may benefit from reading the full Cisco advisory.
Organisations wishing to understand or consider the possibility to deploy or implement Cisco ASA and Cisco Firepower hardening techniques can contact Nowcomm to explore purchasing expert engineering and consulting resource. Please have your Cisco product models and device serial numbers available if known.
Existing Nowcomm support or managed services customers should naturally contact your Nowcomm Services team to discuss your existing environment and understand the suggested recommendations and any remedial work Nowcomm maybe performing.
Nowcomm technical support services can be contacted on + 44 1332 821 128.
For general enquiries please call Nowcomm on 01332 821 100 or email [email protected] .