Critical VPN Flaw in Cisco ASA (CVE-2018-0101)


A critical vulnerability affecting the VPN feature of Cisco's Adaptive Security Appliance software could allow an attacker to cause a reload, execute arbitrary code, or take full control of an affected system.

"The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device," Cisco wrote in its alert. "An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system."

Cisco has now released software patches that address this major vulnerability, which affects all Cisco devices running Adaptive Security Appliance (ASA) Software. The Cisco ASA Software is the core operating system for the Cisco ASA Family and offers firewall, antivirus, intrusion prevention, and VPN capabilities. The following devices are vulnerable to this security hole (if they have the “webvpn” feature enabled):

Affected products

3000 Series Industrial Security Appliance (ISA)
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
ASA 1000V Cloud Firewall
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4110 Security Appliance
Firepower 9300 ASA Security Module

Firepower Threat Defense Software (FTD)
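
One way to check the condition stated above (the "webvpn" feature enabled on an interface) across saved device configurations. This is an added example, not code from Cisco or the original post; it assumes each running-config has been exported as text, and the sample configuration, device name and function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-fw-01
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
webvpn
 enable outside
 anyconnect enable
!
group-policy STAFF attributes
 webvpn
  anyconnect keep-installer installed
!
"""

ENABLE_RE = re.compile(r"\s+enable\s+(\S+)")


def webvpn_interfaces(running_config):
    """Return the interface names that carry 'enable <nameif>' in the global webvpn block."""
    found = []
    in_global_webvpn = False
    for line in running_config.splitlines():
        stripped = line.strip()
        if not stripped or stripped == "!":
            in_global_webvpn = False          # separators close any open block
        elif not line[0].isspace():
            # Top-level command. Only a bare 'webvpn' opens the global block;
            # the indented 'webvpn' under group-policy is a different sub-mode.
            in_global_webvpn = stripped == "webvpn"
        elif in_global_webvpn:
            match = ENABLE_RE.match(line)
            if match:
                found.append(match.group(1))
    return found


def audit(configs):
    """Map device name -> webvpn-enabled interfaces, keeping only devices that have any."""
    hits = {name: webvpn_interfaces(text) for name, text in configs.items()}
    return {name: ifaces for name, ifaces in hits.items() if ifaces}


if __name__ == "__main__":
    for device, ifaces in audit({"edge-fw-01": SAMPLE_CONFIG}).items():
        print(f"{device}: webvpn enabled on {', '.join(ifaces)} -> prioritise patching")
```

The script reports only the webvpn condition named in this post; whether a device is fixed still depends on the installed software release.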


