
The vulnerability affects ASA software running on numerous Cisco products, including the 3000 Series Industrial Security Appliance, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, and Firepower Threat Defense Software.

A full list of affected devices – along with instructions to help admins determine whether webvpn is enabled – can be found here.

“An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device.”

“An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system,” the company stated.

Double-free bug affects numerous devices running ASA software

Cisco Systems has patched a critical vulnerability in its Adaptive Security Appliance (ASA) software that could enable an unauthenticated attacker to remotely execute code.

A security advisory released yesterday by the networking solutions group provides an outline of the flaw that was found in the Secure Sockets Layer (SSL) VPN functionality of its ASA software.

Assigned a CVSS rating of 10.0, Cisco said the vulnerability is due to “an attempt to double free a region of memory when the webvpn feature is enabled” on security devices running the software.
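Since exposure depends on whether webvpn is enabled on an interface, the following added example (not from the article or from Cisco) audits a saved ASA running-config offline for that condition. It assumes the usual layout of a top-level `webvpn` block containing `enable <interface>` lines; the function name `webvpn_interfaces` and the sample configuration are constructed for illustration.

```python
import re

# Constructed running-config fragment for illustration (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
!
interface GigabitEthernet0/1
 nameif inside
!
webvpn
 enable outside
 anyconnect enable
 tunnel-group-list enable
!
group-policy GroupPolicy1 attributes
 webvpn
  anyconnect ask none default anyconnect
!
"""

# Assumption: inside the global webvpn block, "enable <nameif>" turns the
# feature on for that interface. Lines such as "anyconnect enable" do not match.
ENABLE_RE = re.compile(r"^\s+enable\s+(\S+)\s*$")


def webvpn_interfaces(config_text):
    """Return the sorted interface names with webvpn enabled in the global block."""
    enabled = set()
    in_global_webvpn = False
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Any unindented line (including "!") starts or ends a top-level block,
            # so a "webvpn" sub-mode nested under group-policy is never counted.
            in_global_webvpn = line.strip() == "webvpn"
            continue
        if in_global_webvpn:
            match = ENABLE_RE.match(line)
            if match:
                enabled.add(match.group(1))
    return sorted(enabled)


if __name__ == "__main__":
    exposed = webvpn_interfaces(SAMPLE_CONFIG)
    if exposed:
        print("webvpn enabled on:", ", ".join(exposed))
    else:
        print("webvpn not enabled on any interface")
```

A device flagged by this check still has to be compared against the fixed releases listed in the vendor advisory; the script only answers the configuration question.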
