Feb 09 2018

Cisco Unveils Vulnerabilities in Routers, Adaptive Security Appliance

IT departments working with two specific router models and ASA software could fall victim to remote code execution and denial of service attacks, the networking giant has warned. Since the flaws are considered critical, the related advisories recommend available patches to be applied immediately.

Advisory #1 describes a bug in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers that "could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges" or cause affected systems to reload, which leads to a DoS condition. The flaw has received a CVSS score of 9.8 and is listed as CVE-2018-0125 in the Common Vulnerabilities and Exposures database. Further, according to Cisco's advisory, the "vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device," which enables adversaries to take over the affected routers simply by sending a "crafted HTTP request." Because there are no workarounds or mitigations available, Cisco urges all customers who have deployed the affected routers to run a firmware upgrade; the corrected code (version is available from the company's Software Center via the following path: Products > Routers > Small Business Routers > Small Business RV Series Routers.

Advisory #2 deals with the vulnerability tracked as CVE-2018-0101, which affects Cisco's Adaptive Security Appliance (ASA) Software running on the following hardware and products:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 4120 Security Appliance
  • Firepower 4140 Security Appliance
  • Firepower 4150 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)
  • FTD Virtual

Cisco first warned about the bug on January 29 but has since identified additional attack vectors; its CVSS severity rating is 10. The core vulnerability resides in the XML parser of the ASA Software and could allow unauthenticated, remote attackers to execute code remotely or cause a reload of affected systems. Likewise, vulnerable ASA installations "could stop processing incoming Virtual Private Network (VPN) authentication requests due to a low memory condition," effectively preventing users from setting up trusted connections to their employers' networks. Cisco explains that "the vulnerability is due to an issue with allocating and freeing memory when processing a malicious XML payload" and that it could be exploited by sending crafted XML packets to affected hardware or interfaces. The consequences of such a takeover would be the same as above; however, to be vulnerable, the ASA Software must have either SSL or IKEv2 Remote Access VPN Services enabled, so potential risks may be mitigated by restricting management access to known and trusted hosts. For detailed advice and remedies, including links to updated software modules, please refer to the advisory linked above.
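Because exposure to CVE-2018-0101 depends on whether SSL or IKEv2 remote-access VPN services are enabled, a first triage step is to check each ASA running-config for those features. The following script is an added example, not code from the article or from Cisco; it assumes the standard ASA configuration syntax (`webvpn` with `enable <interface>`, and `crypto ikev2 enable <interface> client-services`) and runs over a constructed sample config.

```python
import re
from typing import Dict, List

# Constructed sample ASA running-config excerpt (not taken from the article).
SAMPLE_CONFIG = """\
hostname asa-branch-1
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
crypto ikev2 enable outside client-services port 443
webvpn
 enable outside
 anyconnect enable
http server enable
http 10.0.0.0 255.255.255.0 inside
"""


def vpn_exposure(config: str) -> Dict[str, List[str]]:
    """Return the interfaces on which SSL (webvpn) and IKEv2 remote-access VPN are enabled."""
    exposure: Dict[str, List[str]] = {"ssl_vpn": [], "ikev2_ra_vpn": []}
    in_webvpn = False
    for raw in config.splitlines():
        line = raw.rstrip()
        # Top-level (unindented) lines start a new configuration section.
        if not line.startswith(" "):
            in_webvpn = line == "webvpn"
        if in_webvpn:
            # Inside the webvpn block, "enable <interface>" turns on SSL VPN there.
            m = re.match(r"\s+enable\s+(\S+)$", line)
            if m:
                exposure["ssl_vpn"].append(m.group(1))
            continue
        # IKEv2 remote-access (AnyConnect) VPN is enabled per interface at top level.
        m = re.match(r"crypto ikev2 enable (\S+) client-services", line)
        if m:
            exposure["ikev2_ra_vpn"].append(m.group(1))
    return exposure


def is_in_scope(config: str) -> bool:
    """True when the config has any feature the advisory names as a precondition."""
    e = vpn_exposure(config)
    return bool(e["ssl_vpn"] or e["ikev2_ra_vpn"])


if __name__ == "__main__":
    print(vpn_exposure(SAMPLE_CONFIG), "in scope:", is_in_scope(SAMPLE_CONFIG))
```

A device that reports no exposed interfaces still needs the vendor fix applied; the check only helps prioritise which appliances to patch first.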

