February 10, 2018
Cisco has detected the vulnerability CVE-2018-0101 for the second time, after a warning from a customer on January 29. The bug affects its ASA (Adaptive Security Appliance) and Firepower security appliances. Cisco says that it is aware of the vulnerability described in the advisory.
A few days before an NCC Group researcher reported the bug, Cisco had announced its initial advisory. The attack used crafted XML to exploit a seven-year-old bug in the Cisco XML parser and gain remote code execution.
Cisco's ASA flaw had a CVSS score of 10, which means it is highly exposed to attack. Cisco had fixed the flaws two months prior to its advisory, but earlier this week it announced that it had updated the original advisory after detecting more attack vectors that had gone unnoticed by NCC Group, and the company requested an update to the new versions.
Cisco listed the features whose configurations are vulnerable, which include: Adaptive Security Device Manager, AnyConnect IKEv2 Remote Access, AnyConnect SSL VPN, Cisco Security Manager, Clientless SSL VPN, Cut-Through Proxy, Local Certificate Authority, Mobile Device Manager Proxy, Mobile User Security Proxy Bypass, REST API, and Security Assertion Markup Language Single Sign-On.