date 2012-02-18
That Mega-Vulnerability Cisco Dropped is Now Under Exploit

posted by Fnord666 on Monday February 12, @07:29PM
from the patch-day-is-every-day dept.
Security

MrPlow writes:

Submitted via IRC for Bytram

Hackers are actively trying to exploit a high-severity vulnerability in widely used Cisco networking software that can give complete control over protected networks and access to all traffic passing over them, the company has warned.

When Cisco officials disclosed the bug last week in a range of Adaptive Security Appliance products, they said they had no evidence anyone was actively exploiting it. Earlier this week, the officials updated their advisory to indicate that was no longer the case.

"The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory," the officials wrote. "Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory."

The update didn't say how widespread the attacks are, whether any of them are succeeding, or who is carrying them out. On Twitter on Thursday, Craig Williams, a Cisco researcher and director of outreach for Cisco's Talos security team, wrote of the vulnerability: "This is not a drill..Patch immediately. Exploitation, albeit lame DoS so far, has been observed in the field."

Source: https://arstechnica.com/information-technology/2018/02/that-mega-vulnerability-cisco-dropped-is-now-under-exploit/



  • (Score: 2, Insightful) by Runaway1956 on Monday February 12, @09:10PM (2 children)

    by Runaway1956 (2926) on Monday February 12, @09:10PM (#636829)

    And, that's probably only business/corporate owned stuff. Few home users are going to even notice this exploit. Maybe, just maybe, they'll become aware of it after their network has been hacked. Far more likely that only a couple percent of Cisco products are going to be patched.

    • (Score: 3, Interesting) by frojack on Monday February 12, @09:31PM (1 child)

      by frojack (1554) on Monday February 12, @09:31PM (#636839)

      Ah, but it is VPN stuff, the savior and first recommended solution to every mention of spying or hacking.

      And it's probably something those VPN termination sites use.

      3000 Series Industrial Security Appliance (ISA)
      ASA 5500 Series Adaptive Security Appliances
      ASA 5500-X Series Next-Generation Firewalls
      ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
      ASA 1000V Cloud Firewall
      Adaptive Security Virtual Appliance (ASAv)
      Firepower 2100 Series Security Appliance
      Firepower 4110 Security Appliance
      Firepower 9300 ASA Security Module
      Firepower Threat Defense Software (FTD)

  • (Score: 2) by NotSanguine on Monday February 12, @11:44PM

    by NotSanguine (285) on Monday February 12, @11:44PM (#636879)

    The security advisory [cisco.com] from Cisco states that:

    The vulnerability is due to an issue with allocating and freeing memory when processing a malicious XML payload. An attacker could exploit this vulnerability by sending a crafted XML packet to a vulnerable interface on an affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, cause a reload of the affected device or stop processing of incoming VPN authentication requests.

    To be vulnerable the ASA must have Secure Socket Layer (SSL) services or IKEv2 Remote Access VPN services enabled on an interface. The risk of the vulnerability being exploited also depends on the accessibility of the interface to the attacker. For a comprehensive list of vulnerable ASA features please refer to the table in the Vulnerable Products section.

    Along with details as to how to identify if a particular configuration is vulnerable.

    CVE 2018-0101 [mitre.org] has links to exploits and other information.
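
An added example, not part of the thread or of Cisco's advisory: a minimal Python check of an ASA running-config for the two conditions the quoted advisory text names, SSL VPN (`webvpn` with `enable <interface>`) or IKEv2 remote access (`crypto ikev2 enable <interface>`) turned on for an interface. The sample config is constructed, and matching only these two command patterns is a simplifying assumption; the advisory's Vulnerable Products table remains the full list of affected features.

```python
import re

# Constructed running-config excerpt for illustration (not taken from the page).
SAMPLE_CONFIG = """\
enable password ***** encrypted
interface GigabitEthernet0/0
 nameif outside
!
crypto ikev2 enable outside client-services port 443
crypto ikev2 policy 1
 encryption aes-256
webvpn
 enable outside
 enable dmz
 anyconnect enable
!
"""

# Assumption: only these two command forms are checked.
IKEV2_RE = re.compile(r"^crypto ikev2 enable (\S+)")
WEBVPN_ENABLE_RE = re.compile(r"^\s+enable (\S+)")


def exposed_interfaces(config):
    """Return {interface: set of services} for SSL VPN / IKEv2 listeners."""
    found = {}
    section = None  # top-level command whose indented block we are inside
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            # A new top-level command ends any previous block.
            section = line.strip()
            m = IKEV2_RE.match(line)
            if m:
                found.setdefault(m.group(1), set()).add("ikev2")
        elif section == "webvpn":
            # Only "enable <ifc>" inside the webvpn block counts; the
            # top-level "enable password" and "anyconnect enable" do not.
            m = WEBVPN_ENABLE_RE.match(line)
            if m:
                found.setdefault(m.group(1), set()).add("ssl")
    return found


if __name__ == "__main__":
    for ifc, services in sorted(exposed_interfaces(SAMPLE_CONFIG).items()):
        print(f"{ifc}: {', '.join(sorted(services))} enabled; check software release")
```

An interface reported here is one to prioritise when confirming that the device runs a fixed software release; an empty result does not clear the device, since other features in the advisory's table are not checked.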

