Vulnerability Name:

CVE-2018-0101 (CCN-138408)

Assigned: 2017-11-27
Published: 2018-01-29
Updated: 2019-10-09
Summary: A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device. This vulnerability affects Cisco ASA Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, Firepower Threat Defense Software (FTD). Cisco Bug IDs: CSCvg35618.
CVSS v3 Severity: 10.0 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
9.3 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
9.3 Critical (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-415
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2018-0101

Source: BID
Type: Third Party Advisory, VDB Entry
102845

Source: CCN
Type: BID-102845
Cisco Adaptive Security Appliance CVE-2018-0101 Remote Code Execution Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1040292

Source: XF
Type: UNKNOWN
cisco-cve20180101-code-exec(138408)

Source: MISC
Type: Third Party Advisory
https://icanthackit.wordpress.com/2018/01/30/thoughts-on-the-handling-cve-2018-0101-cisco-bug-cscvg35618/

Source: CCN
Type: Packet Storm Security [02-07-2018]
Cisco ASA Crash Proof Of Concept

Source: MISC
Type: Exploit, Third Party Advisory
https://pastebin.com/YrBcG2Ln

Source: CCN
Type: Cisco Security Advisory cisco-sa-20180129-asa1
Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability

Source: CONFIRM
Type: Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [02-07-2018]

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
43986

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* (Version < 9.1.7.23)
  • OR cpe:/a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* (Version >= 9.2.0 and < 9.2.4.27)
  • OR cpe:/a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* (Version >= 9.3.0 and < 9.4.4.16)
  • OR cpe:/a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* (Version >= 9.5.0 and < 9.6.4.3)
  • OR cpe:/a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* (Version >= 9.7.0 and < 9.7.1.21)
  • OR cpe:/a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* (Version >= 9.8.0 and < 9.8.2.20)
  • OR cpe:/a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* (Version >= 9.9.0 and < 9.9.1.2)

Configuration 2:
  • cpe:/a:cisco:firepower_threat_defense:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_threat_defense:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_threat_defense:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_threat_defense:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_threat_defense:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_threat_defense:6.2.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable