Lucene search
CiscoCISCO-SA-20180418-ASA1HistoryApr 18, 2018 - 4:00 p.m.
Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability
2018-04-1816:00:00
tools.cisco.com
36
0.001 Low
EPSS
Percentile
49.2%
A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps.
The vulnerability is due to incorrect verification of the SSL Client Certificate. An attacker could exploit this vulnerability by connecting to the ASA VPN without a proper private key and certificate pair. A successful exploit could allow the attacker to establish an SSL VPN connection to the ASA when the connection should have been rejected.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1”]
Affected configurations
Node
ciscoadaptive_security_appliance_softwareMatch9.4
ORciscoadaptive_security_appliance_softwareMatch9.5
ORciscoadaptive_security_appliance_softwareMatch9.6
ORciscoadaptive_security_appliance_softwareMatch9.7
ORciscoadaptive_security_appliance_softwareMatch9.4.1
ORciscoadaptive_security_appliance_softwareMatch9.4.0.115
ORciscoadaptive_security_appliance_softwareMatch9.4.1.1
ORciscoadaptive_security_appliance_softwareMatch9.4.2
ORciscoadaptive_security_appliance_softwareMatch9.4.1.5
ORciscoadaptive_security_appliance_softwareMatch9.4.1.3
ORciscoadaptive_security_appliance_softwareMatch9.4.1.2
ORciscoadaptive_security_appliance_softwareMatch9.4.2.3
ORciscoadaptive_security_appliance_softwareMatch9.4.3
ORciscoadaptive_security_appliance_softwareMatch9.4.3.3
ORciscoadaptive_security_appliance_softwareMatch9.4.3.4
ORciscoadaptive_security_appliance_softwareMatch9.4.3.6
ORciscoadaptive_security_appliance_softwareMatch9.4.3.8
ORciscoadaptive_security_appliance_softwareMatch9.4.3.11
ORciscoadaptive_security_appliance_softwareMatch9.4.3.12
ORciscoadaptive_security_appliance_softwareMatch9.4.4
ORciscoadaptive_security_appliance_softwareMatch9.4.4.2
ORciscoadaptive_security_appliance_softwareMatch9.4.4.5
ORciscoadaptive_security_appliance_softwareMatch9.4.4.6
ORciscoadaptive_security_appliance_softwareMatch9.4.4.8
ORciscoadaptive_security_appliance_softwareMatch9.4.4.10
ORciscoadaptive_security_appliance_softwareMatch9.4.4.12
ORciscoadaptive_security_appliance_softwareMatch9.4.2.6
ORciscoadaptive_security_appliance_softwareMatch9.4.2.11
ORciscoadaptive_security_appliance_softwareMatch9.4.1.13
ORciscoadaptive_security_appliance_softwareMatch9.5.1
ORciscoadaptive_security_appliance_softwareMatch9.5.2
ORciscoadaptive_security_appliance_softwareMatch9.5.2.6
ORciscoadaptive_security_appliance_softwareMatch9.5.2.10
ORciscoadaptive_security_appliance_softwareMatch9.5.2.14
ORciscoadaptive_security_appliance_softwareMatch9.5.3
ORciscoadaptive_security_appliance_softwareMatch9.5.3.2
ORciscoadaptive_security_appliance_softwareMatch9.5.3.3
ORciscoadaptive_security_appliance_softwareMatch9.5.3.1
ORciscoadaptive_security_appliance_softwareMatch9.5.3.6
ORciscoadaptive_security_appliance_softwareMatch9.5.3.9
ORciscoadaptive_security_appliance_softwareMatch9.5.2.5
ORciscoadaptive_security_appliance_softwareMatch9.5.2.2
ORciscoadaptive_security_appliance_softwareMatch9.6.0
ORciscoadaptive_security_appliance_softwareMatch9.6.1
ORciscoadaptive_security_appliance_softwareMatch9.6.1.3
ORciscoadaptive_security_appliance_softwareMatch9.6.1.5
ORciscoadaptive_security_appliance_softwareMatch9.6.1.10
ORciscoadaptive_security_appliance_softwareMatch9.6.2
ORciscoadaptive_security_appliance_softwareMatch9.6.2.1
ORciscoadaptive_security_appliance_softwareMatch9.6.2.2
ORciscoadaptive_security_appliance_softwareMatch9.6.2.3
ORciscoadaptive_security_appliance_softwareMatch9.6.2.7
ORciscoadaptive_security_appliance_softwareMatch9.6.2.8
ORciscoadaptive_security_appliance_softwareMatch9.6.2.9
ORciscoadaptive_security_appliance_softwareMatch9.6.3
ORciscoadaptive_security_appliance_softwareMatch9.6.3.1
ORciscoadaptive_security_appliance_softwareMatch9.6.2.11
ORciscoadaptive_security_appliance_softwareMatch9.6.3.3
ORciscoadaptive_security_appliance_softwareMatch9.6.3.8
ORciscoadaptive_security_appliance_softwareMatch9.6.3.9
ORciscoadaptive_security_appliance_softwareMatch9.6.3.11
ORciscoadaptive_security_appliance_softwareMatch9.6.3.12
ORciscoadaptive_security_appliance_softwareMatch9.6.3.14
ORciscoadaptive_security_appliance_softwareMatch9.62.22
ORciscoadaptive_security_appliance_softwareMatch9.62.23
ORciscoadaptive_security_appliance_softwareMatch9.6.4.3
ORciscoadaptive_security_appliance_softwareMatch9.6.2.22
ORciscoadaptive_security_appliance_softwareMatch9.6.2.23
ORciscoadaptive_security_appliance_softwareMatch9.6.4
ORciscoadaptive_security_appliance_softwareMatch9.6.2.13
ORciscoadaptive_security_appliance_softwareMatch9.6.4.5
ORciscoadaptive_security_appliance_softwareMatch9.7.1
ORciscoadaptive_security_appliance_softwareMatch9.7.1.1
ORciscoadaptive_security_appliance_softwareMatch9.7.1.2
ORciscoadaptive_security_appliance_softwareMatch9.7.1.4
ORciscoadaptive_security_appliance_softwareMatch9.7.1.8
ORciscoadaptive_security_appliance_softwareMatch9.7.1.15
Related
cve
cve
CVE-2018-0227
2018-04-19 20:29:00
prion
prion
Authentication flaw
2018-04-19 20:29:00
nvd
nvd
CVE-2018-0227
2018-04-19 20:29:00
cvelist
cvelist
CVE-2018-0227
2018-04-19 20:00:00
ics
ics
Rockwell Automation Allen-Bradley Stratix 5950
2018-07-03 12:00:00