CISCO ASA Patch Incomplete - Need to Patch Again
On Feb 5, 2018, Cisco released an update to their Jan 29th, 2018 security bulletin regarding a Critical Remote Code Execution vulnerability in certain ASA products. Cisco identified that the vulnerability affects the ASA XML parser, rendering numerous additional features vulnerable, and making the previous fix incomplete. By sending crafted XML packers to an SSL or IKEv2 Remote Access VPN services enabled interface, an attacker could exploit the vulnerability, allowing them to execute arbitrary code and to gain full control of the ASA. Cisco is not aware of any malicious use of the vulnerability, an exploit will likely soon be developed.
Due to the Critical severity of this vulnerability, the numerous additional features affected, and the previous fix being incomplete, IT Security recommends that this (updated) vulnerability is identified and patched as soon as reasonably possible. For more details about the vulnerability, affected products, features, and software, as well as how to patch the vulnerability, visit Cisco's security bulletin website, https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1