CERTFR-2018-AVI-063
Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Cisco Adaptive Security Appliance. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Cisco Adaptive Security Appliance Firepower 9300 ASA Security Module
Cisco Adaptive Security Appliance ASA 1000V Cloud Firewall
Cisco Adaptive Security Appliance Firepower 2100 Series Security Appliance
Cisco Adaptive Security Appliance Firepower Threat Defense Software (FTD)
Cisco Adaptive Security Appliance ASA 5500-X Series Next-Generation Firewalls
Cisco Adaptive Security Appliance ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliance Firepower 4110 Security Appliance
Cisco Adaptive Security Appliance Adaptive Security Virtual Appliance (ASAv)
Cisco Adaptive Security Appliance ASA Services Module pour les commutateurs Cisco Catalyst série 6500 et les routeurs Cisco série 7600
Cisco Adaptive Security Appliance 3000 Series Industrial Security Appliance (ISA)
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firepower 9300 ASA Security Module",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ASA 1000V Cloud Firewall",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower 2100 Series Security Appliance",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower Threat Defense Software (FTD)",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ASA 5500-X Series Next-Generation Firewalls",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ASA 5500 Series Adaptive Security Appliances",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower 4110 Security Appliance",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Adaptive Security Virtual Appliance (ASAv)",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ASA Services Module pour les commutateurs Cisco Catalyst s\u00e9rie 6500 et les routeurs Cisco s\u00e9rie 7600",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "3000 Series Industrial Security Appliance (ISA)",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0101"
    }
  ],
  "initial_release_date": "2018-01-30T00:00:00",
  "last_revision_date": "2018-01-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-063",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco Adaptive Security\nAppliance. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco Adaptive Security Appliance",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180129-asa1 du 29 janvier 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.