To Customer Support To Customer Support

Unpatched Cisco ASA firewalls targeted by hackers

  • 19 February 2015
  • 1 reply
  • 1090 views
Jasper_The_Rasper
Rank
Userlevel 7
Badge +54
By Juha Saarinen on Feb 20, 2015
 

Attack makes permanent changes.

 Network vendor Cisco is urging customers to patch their Adaptive Security Appliance firewalls as soon as possible, after discovering a serious vulnerability is currently being exploited by hackers.
Cisco incident manager Stefano de Crescenzo said users with customised Clientless Secure Sockets Layer Virtal Private Networking portals should review a security advisory to check if their ASAs have been compromised.
The vulnerability is caused by poor authentication and permission checking that allows attackers to remotely modify objects in an in-memory cache file system.
 
Full Article
 

1 reply

Jasper_The_Rasper
Rank
Userlevel 7
Badge +54

Customise tool makes screwy GUIs

20 Feb 2015 at 08:33, Darren Pauli
 
"[The hole] could allow an unauthenticated, remote attacker to modify the content of the Clientless SSL VPN portal, which could lead to several attacks including the stealing of credentials, cross-site scripting (XSS), and other types of web attacks on the client using the affected system.
"When Cisco ASDM (Adaptive Security Device Manager) is used to modify or create a customisation object, a preview button is available for the Cisco ASA administrator that is used to visualise the modifications. When preview is used Cisco ASA will create a unique identifier that is used as session cookie and a folder on the system to include the content of the customisation.
"Due to a flaw in the way permission are checked, it is possible to remotely modify any object included on the RAMFS cache file system including the Clientless SSL VPN customisation objects."
 
Full Article

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.