TTCSIRT-114.050318: TT-CSIRT Advisory – Cisco Security Updates
Cisco has released a security update for a vulnerability in Cisco Adaptive Security Appliance (ASA) that could allow an unauthenticated, remote attacker to establish a Secure Sockets Layer (SSL) Virtual Private Network (VPN) connection to the device and bypass certain SSL certificate verification steps.
The vulnerability is due to incorrect verification of the SSL Client Certificate. An attacker could exploit this vulnerability by connecting to the ASA VPN without a proper private key and certificate pair. As a result, the attacker will be able to establish an SSL VPN connection to the ASA when the connection should have been rejected.
Further information on this vulnerability and how it can be mitigated can be found at https://www.cisecurity.org/advisory/a-vulnerability-in-cisco-adaptive-security-appliance-software-could-allow-for-security-bypass_2018-048/