
====================================================================

                             CERT-Renater

                 Information Note No. 2018/VULN040
_____________________________________________________________________

DATE                : 30/01/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco Adaptive Security Appliance Software
                     versions prior to 9.1.7.20, 9.2.4.25, 9.4.4.14,
                     9.6.3.20, 9.7.1.16, 9.8.2.14, 9.9.1.2,
                     FTD Software versions 6.2.2.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
_____________________________________________________________________

Cisco Security Advisory: Cisco Adaptive Security Appliance Remote Code
Execution and Denial of Service Vulnerability

Advisory ID: cisco-sa-20180129-asa1

Revision: 1.0

For Public Release: 2018 January 29 17:00 GMT

Last Updated: 2018 January 29 17:00 GMT

CVE ID(s): CVE-2018-0101

CVSS Score v(3): 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of
the Cisco Adaptive Security Appliance (ASA) Software could allow an
unauthenticated, remote attacker to cause a reload of the affected
system or to remotely execute code.

The vulnerability is due to an attempt to double free a region of
memory when the webvpn feature is enabled on the Cisco ASA device. An
attacker could exploit this vulnerability by sending multiple, crafted
XML packets to a webvpn-configured interface on the affected system. An
exploit could allow the attacker to execute arbitrary code and obtain
full control of the system, or cause a reload of the affected device.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
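
The following triage check is an added example, not part of the Cisco or CERT-Renater text. It compares an ASA version string against the first fixed release per train listed in this note and checks whether webvpn is enabled on an interface. It assumes the `9.8(2)14` form printed by `show version` and a top-level `webvpn` block containing `enable <interface>`; the sample configuration is constructed, and FTD is not covered.

```python
import re

# First fixed release per ASA train, from the "versions prior to" list in this note.
FIXED = {
    (9, 1): (7, 20), (9, 2): (4, 25), (9, 4): (4, 14), (9, 6): (3, 20),
    (9, 7): (1, 16), (9, 8): (2, 14), (9, 9): (1, 2),
}

# Accepts the dotted form used in the note (9.8.2.14) and the parenthesised
# form printed by the device (9.8(2)14); the interim build number is optional.
VERSION_RE = re.compile(r"(\d+)\.(\d+)[.(](\d+)\)?\.?(\d+)?")

# Constructed sample running-config fragment (not taken from a real device).
SAMPLE_CONFIG = "hostname fw01\n!\nwebvpn\n enable outside\n anyconnect enable\n!\n"

def parse_version(text):
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no ASA version found in {text!r}")
    major, minor, maint, interim = m.groups()
    return int(major), int(minor), int(maint), int(interim or 0)

def webvpn_enabled(config):
    """True if a top-level 'webvpn' block contains an 'enable <interface>' line."""
    in_block = False
    for line in config.splitlines():
        if line.strip() == "webvpn" and not line.startswith(" "):
            in_block = True
        elif in_block and line.startswith(" "):
            if line.split()[:1] == ["enable"]:
                return True
        else:
            in_block = False          # any unindented line closes the block
    return False

def assess(version_text, config):
    major, minor, maint, interim = parse_version(version_text)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "unlisted-train"       # this note gives no fixed release for the train
    if (maint, interim) >= fixed:
        return "fixed"
    return "unpatched-webvpn-on" if webvpn_enabled(config) else "unpatched-webvpn-off"

if __name__ == "__main__":
    print(assess("Cisco Adaptive Security Appliance Software Version 9.8(2)8",
                 SAMPLE_CONFIG))
```

A result of `unlisted-train` means the note names no fixed release for that train, so the vendor advisory has to be consulted for the upgrade target.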

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================




