February 1, 2018
Critical Cisco ASA SSL VPN Vulnerability – WST
If you run Cisco ASA firewalls with the SSL VPN feature enabled, be aware that Cisco has released software updates for a critical vulnerability (CVE-2018-0101) in the ASA's implementation of SSL VPN connections. An unauthenticated, remote attacker can use it to crash the device (denial of service) or to execute code on it (remote code execution).
In plain terms: if your ASA has SSL VPN enabled on an interface reachable from the internet, anyone on the internet can attack the firewall itself, not just the hosts behind it. See the Cisco advisory here: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Cisco has released fixed software for the supported ASA Software release trains. If you run ASAs with SSL VPN enabled, apply the fixed release as soon as possible; fixes are per release train, so compare your running version against the advisory's fixed-software table rather than assuming "latest in my train" is enough. If a third party manages your ASA firewalls, contact them immediately to confirm whether you are affected and, if so, that the upgrade is scheduled. Advisories of this kind are often revised as the vendor's investigation continues, so re-check the advisory itself rather than relying on a fixed-version number you noted on the day it was published.
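The first question to answer is "is SSL VPN actually enabled on this box, and on which interface?", followed by "is the running version older than the fixed release for my train?". The script below is an added example, not code from this post or from Cisco: it parses the output of `show running-config webvpn` and `show version` (the sample outputs are constructed here) and reports whether the device is exposed. The fixed-release tuple is a placeholder; take the real value for your release train from the advisory. The same inventory of which interfaces expose which services is what a periodic firewall review needs anyway.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]  # major, minor, maintenance, interim

# Constructed sample of "show running-config webvpn" on an ASA.
# Only an unindented "webvpn" block with an "enable <interface>" line means
# the SSL VPN listener is up; "anyconnect enable" and friends do not count.
SAMPLE_WEBVPN_CONFIG = """\
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.5.02036-webdeploy-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
"""

# Constructed sample of the first lines of "show version".
SAMPLE_SHOW_VERSION = """\
Cisco Adaptive Security Appliance Software Version 9.6(3)1
Device Manager Version 7.6(2)
"""

# PLACEHOLDER (assumption): replace with the first fixed release for your
# train from the advisory's fixed-software table. Not taken from the advisory.
FIXED_RELEASE_FOR_TRAIN: Version = (9, 6, 4, 3)


def webvpn_enabled_interfaces(config: str) -> List[str]:
    """Return the interfaces on which SSL VPN (webvpn) is enabled."""
    interfaces: List[str] = []
    in_webvpn = False
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            # Top-level command: we are entering or leaving the webvpn section.
            in_webvpn = line.strip() == "webvpn"
            continue
        if in_webvpn:
            m = re.match(r"\s+enable\s+(\S+)\s*$", line)
            if m:
                interfaces.append(m.group(1))
    return interfaces


def parse_asa_version(show_version: str) -> Optional[Version]:
    """Extract the ASA software version, e.g. '9.6(3)1' -> (9, 6, 3, 1)."""
    m = re.search(
        r"Adaptive Security Appliance Software Version (\d+)\.(\d+)\((\d+)\)(\d*)",
        show_version,
    )
    if not m:
        return None
    major, minor, maint, interim = m.groups()
    return (int(major), int(minor), int(maint), int(interim) if interim else 0)


def needs_upgrade(running: Version, fixed: Version) -> bool:
    """True if 'running' is older than the fixed release of the same train."""
    if running[:2] != fixed[:2]:
        # Fixes are per release train; comparing across trains is meaningless.
        raise ValueError(f"train mismatch: running {running[:2]}, fixed {fixed[:2]}")
    return running < fixed


def assess(config: str, show_version: str, fixed: Version) -> Dict[str, object]:
    """Combine both checks: exposed only if SSL VPN is enabled AND unpatched."""
    interfaces = webvpn_enabled_interfaces(config)
    running = parse_asa_version(show_version)
    if running is None:
        raise ValueError("could not find ASA version in 'show version' output")
    return {
        "ssl_vpn_interfaces": interfaces,
        "version": "%d.%d(%d)%d" % running,
        "exposed": bool(interfaces) and needs_upgrade(running, fixed),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_WEBVPN_CONFIG, SAMPLE_SHOW_VERSION, FIXED_RELEASE_FOR_TRAIN))
```

Run it against the real command output from each ASA (or paste the output into the two sample strings). Note that a device with `webvpn` configured but no `enable <interface>` line has no listener and is reported as not exposed; a device that is patched but still exposes the listener to the world is a separate question for your next firewall review.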
For those of you not affected this time, this is a good reminder that even common, long-hardened services that have been around forever can turn out to contain serious vulnerabilities. Something that was fine yesterday can be a liability tomorrow, so expose services and ports to the outside world sparingly, and only after a thorough risk assessment. Perform quarterly firewall reviews to evaluate what is open, whether it is still needed, and whether the risk has changed, and keep an inventory of which edge devices run which features, so that the next time an advisory like this lands you can answer "are we affected?" in minutes rather than days.