Hackers are exploiting the CVE-2018-0101 CISCO ASA flaw in attacks in the wild

Hackers are exploiting the CVE-2018-0101 CISCO ASA flaw in attacks in the wild and a Proof-of-concept exploit code is available online.

This week, Cisco has rolled out new security patches for a critical vulnerability, tracked as CVE-2018-0101, in its CISCO ASA (Adaptive Security Appliance) software.

This is the second the tech giant issued a security patch to fix the critical vulnerability in CISCO ASA, the first one released in January. The vulnerability could be exploited by a remote and unauthenticated attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition causing the reload of the system.

The affected models are:

3000 Series Industrial Security Appliance (ISA)
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
ASA 1000V Cloud Firewall
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4110 Security Appliance
Firepower 9300 ASA Security Module
Firepower Threat Defense Software (FTD)

Now the company confirmed that attackers are trying to exploit the vulnerability CVE-2018-0101 in attacks in the wild.

“The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory,” reads the security advisory published by CISCO. the update states. “Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory.”

The vulnerability was discovered by Cedric Halbronn and received a CVSS base score of 10.0, the highest one.

This week Halbronn presented its findings at the REcon conference in Brussels, in its speech titled ‘Robin Hood vs CISCO ASA Anyconnect.’ he highlighted that the vulnerability could be present up to seven years old because the AnyConnect Host Scan is available since 2011.

The new attack scenario covered with the new update sees an attacker exploiting the vulnerability by sending specially crafted XML packets to a webvpn-configured interface.

A “Cisco ASA CVE-2018-0101 Crash PoC” was already published by some users on Pastebin.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – CISCO ASA, CVE-2018-0101)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.