ASA Vulnerability

There’s a nasty bug out there for ASAs (Adaptive Security Appliance) that have WebVPN enabled. If the command “webvpn” is present in your ASA configuration, you’re vulnerable. If you’re running AnyConnect for VPN, you probably have it.

What is affected?

All ASAs running 8.x software or later. Also, FTD appliances that are running 6.2.2 are vulnerable.
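The two conditions above (software 8.x or later, and the “webvpn” command present) can be checked offline against a saved `show running-config`. The script below is an added example and is not from the original post or from Cisco; the config excerpt is constructed, and it assumes that only the column-0 `webvpn` command (not the indented `webvpn` sub-block under `group-policy ... attributes`) indicates the feature is configured. FTD appliances are not covered by it.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample of an ASA running-config excerpt (not taken from any real device).
SAMPLE_CONFIG = """\
: Saved
ASA Version 9.8(2)
!
hostname edge-fw
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
webvpn
 enable outside
 anyconnect enable
!
group-policy GroupPolicy_AnyConnect internal
group-policy GroupPolicy_AnyConnect attributes
 vpn-tunnel-protocol ssl-client
 webvpn
  anyconnect keep-installer installed
!
"""

VERSION_RE = re.compile(r"^ASA Version (\d+)\.(\d+)", re.MULTILINE)


@dataclass
class Assessment:
    version: Optional[Tuple[int, int]]      # (major, minor) or None if not found
    webvpn_present: bool                    # column-0 "webvpn" command seen
    enabled_interfaces: List[str] = field(default_factory=list)
    exposed: bool = False


def parse_version(config: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from the 'ASA Version X.Y(...)' line, or None."""
    m = VERSION_RE.search(config)
    return (int(m.group(1)), int(m.group(2))) if m else None


def find_top_level_webvpn(config: str) -> Tuple[bool, List[str]]:
    """Find the column-0 'webvpn' block and the interfaces it is enabled on.

    Assumption used here: the indented 'webvpn' sub-block under
    'group-policy ... attributes' holds per-policy settings and is not counted.
    """
    present = False
    interfaces: List[str] = []
    in_block = False
    for line in config.splitlines():
        if line == "webvpn":
            present, in_block = True, True
            continue
        if in_block:
            if not line.startswith(" "):
                in_block = False          # left the indented block
                continue
            parts = line.split()
            if len(parts) >= 2 and parts[0] == "enable":
                interfaces.append(parts[1])
    return present, interfaces


def assess(config: str) -> Assessment:
    """Apply the post's two conditions: ASA 8.x or later, and 'webvpn' present.

    A missing or unparseable version line is treated as affected (conservative).
    """
    version = parse_version(config)
    present, interfaces = find_top_level_webvpn(config)
    version_affected = version is None or version[0] >= 8
    return Assessment(version, present, interfaces, exposed=present and version_affected)


if __name__ == "__main__":
    result = assess(SAMPLE_CONFIG)
    print(f"version={result.version} webvpn={result.webvpn_present} "
          f"interfaces={result.enabled_interfaces} exposed={result.exposed}")
```

To use it on a real device, paste the output of `show running-config` into a file and call `assess()` on its contents; a result with `exposed=True` and a non-empty interface list tells you which interfaces have the feature enabled and therefore which boxes to prioritise for patching.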

What’s the risk?

If a malicious XML file is sent to the ASA, the firewall could reload or execute arbitrary commands. There’s nothing out in the wild (that anyone knows of), but assume that it’s just a matter of time.

How do I fix this?

Simple! Patch early and patch often. For FTD systems, there’s a hotfix out.

Where’s the Cisco PSIRT link?

Right here:

As always, please reach out if you need any assistance getting this resolved.
