Lucene search

CiscoCISCO-SA-20190501-ASAFTD-SAML-VPN

HistoryMay 01, 2019 - 4:00 p.m.

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability

2019-05-0116:00:00

tools.cisco.com

0.002 Low

EPSS

Percentile

52.5%

JSON

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device.

The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn”]

Affected configurations

Vulners

Node

ciscoadaptive_security_virtual_applianceMatch9.7

ciscoadaptive_security_virtual_applianceMatch9.8

ciscoadaptive_security_virtual_applianceMatch9.9

ciscoadaptive_security_virtual_applianceMatch9.10

ciscofirepower_threat_defense_softwareMatch6.2

ciscofirepower_threat_defense_softwareMatch6.3

ciscoadaptive_security_virtual_applianceMatch9.7.1

ciscoadaptive_security_virtual_applianceMatch9.7.1.1

ciscoadaptive_security_virtual_applianceMatch9.7.1.2

ciscoadaptive_security_virtual_applianceMatch9.7.1.4

ciscoadaptive_security_virtual_applianceMatch9.7.1.8

ciscoadaptive_security_virtual_applianceMatch9.7.1.15

ciscoadaptive_security_virtual_applianceMatch9.7.1.16

ciscoadaptive_security_virtual_applianceMatch9.7.1.19

ciscoadaptive_security_virtual_applianceMatch9.7.1.20

ciscoadaptive_security_virtual_applianceMatch9.7.1.21

ciscoadaptive_security_virtual_applianceMatch9.7.1.23

ciscoadaptive_security_virtual_applianceMatch9.7.1.24

ciscoadaptive_security_virtual_applianceMatch9.7.1.28

ciscoadaptive_security_virtual_applianceMatch9.8.1

ciscoadaptive_security_virtual_applianceMatch9.8.1.5

ciscoadaptive_security_virtual_applianceMatch9.8.1.7

ciscoadaptive_security_virtual_applianceMatch9.8.2

ciscoadaptive_security_virtual_applianceMatch9.8.2.8

ciscoadaptive_security_virtual_applianceMatch9.8.2.10

ciscoadaptive_security_virtual_applianceMatch9.8.2.11

ciscoadaptive_security_virtual_applianceMatch9.8.2.14

ciscoadaptive_security_virtual_applianceMatch9.8.2.15

ciscoadaptive_security_virtual_applianceMatch9.8.2.17

ciscoadaptive_security_virtual_applianceMatch9.8.2.18

ciscoadaptive_security_virtual_applianceMatch9.8.2.19

ciscoadaptive_security_virtual_applianceMatch9.8.2.20

ciscoadaptive_security_virtual_applianceMatch9.8.2.3

ciscoadaptive_security_virtual_applianceMatch9.8.2.24

ciscoadaptive_security_virtual_applianceMatch9.8.2.26

ciscoadaptive_security_virtual_applianceMatch9.8.2.28

ciscoadaptive_security_virtual_applianceMatch9.8.2.33

ciscoadaptive_security_virtual_applianceMatch9.8.2.35

ciscoadaptive_security_virtual_applianceMatch9.8.2.38

ciscoadaptive_security_virtual_applianceMatch9.8.3.8

ciscoadaptive_security_virtual_applianceMatch9.8.3.11

ciscoadaptive_security_virtual_applianceMatch9.8.3.14

ciscoadaptive_security_virtual_applianceMatch9.8.3.16

ciscoadaptive_security_virtual_applianceMatch9.8.3.17

ciscoadaptive_security_virtual_applianceMatch9.8.3.18

ciscoadaptive_security_virtual_applianceMatch9.8.3

ciscoadaptive_security_virtual_applianceMatch9.9.1

ciscoadaptive_security_virtual_applianceMatch9.9.1.2

ciscoadaptive_security_virtual_applianceMatch9.9.1.3

ciscoadaptive_security_virtual_applianceMatch9.9.2

ciscoadaptive_security_virtual_applianceMatch9.9.2.1

ciscoadaptive_security_virtual_applianceMatch9.9.1.4

ciscoadaptive_security_virtual_applianceMatch9.9.2.9

ciscoadaptive_security_virtual_applianceMatch9.9.2.14

ciscoadaptive_security_virtual_applianceMatch9.9.2.18

ciscoadaptive_security_virtual_applianceMatch9.9.2.25

ciscoadaptive_security_virtual_applianceMatch9.9.2.27

ciscoadaptive_security_virtual_applianceMatch9.9.2.32

ciscoadaptive_security_virtual_applianceMatch9.9.2.36

ciscoadaptive_security_virtual_applianceMatch9.9.2.40

ciscoadaptive_security_virtual_applianceMatch9.10.1

ciscoadaptive_security_virtual_applianceMatch9.10.1.2

ciscoadaptive_security_virtual_applianceMatch9.10.1.7

ciscofirepower_threat_defense_softwareMatch6.2.1

ciscofirepower_threat_defense_softwareMatch6.2.2

ciscofirepower_threat_defense_softwareMatch6.2.2.1

ciscofirepower_threat_defense_softwareMatch6.2.2.2

ciscofirepower_threat_defense_softwareMatch6.2.3

ciscofirepower_threat_defense_softwareMatch6.2.3.1

ciscofirepower_threat_defense_softwareMatch6.2.3.2

ciscofirepower_threat_defense_softwareMatch6.2.3.3

ciscofirepower_threat_defense_softwareMatch6.2.3.4

ciscofirepower_threat_defense_softwareMatch6.2.3.5

ciscofirepower_threat_defense_softwareMatch6.2.2.3

ciscofirepower_threat_defense_softwareMatch6.2.2.4

ciscofirepower_threat_defense_softwareMatch6.2.3.6

ciscofirepower_threat_defense_softwareMatch6.2.2.5

ciscofirepower_threat_defense_softwareMatch6.2.3.7

ciscofirepower_threat_defense_softwareMatch6.2.3.8

ciscofirepower_threat_defense_softwareMatch6.2.3.10

ciscofirepower_threat_defense_softwareMatch6.2.3.11

ciscofirepower_threat_defense_softwareMatch6.2.3.9

ciscofirepower_threat_defense_softwareMatch6.3.0

ciscofirepower_threat_defense_softwareMatch6.3.0.1

CPENameOperatorVersion
cisco adaptive security appliance (asa) softwareeq9.7
cisco adaptive security appliance (asa) softwareeq9.8
cisco adaptive security appliance (asa) softwareeq9.9
cisco adaptive security appliance (asa) softwareeq9.10
cisco firepower threat defense softwareeq6.2
cisco firepower threat defense softwareeq6.3
cisco adaptive security appliance (asa) softwareeq9.7.1
cisco adaptive security appliance (asa) softwareeq9.7.1.1
cisco adaptive security appliance (asa) softwareeq9.7.1.2
cisco adaptive security appliance (asa) softwareeq9.7.1.4

Name	Operator	Version
cisco adaptive security appliance (asa) software	eq	9.7
cisco adaptive security appliance (asa) software	eq	9.8
cisco adaptive security appliance (asa) software	eq	9.9
cisco adaptive security appliance (asa) software	eq	9.10
cisco firepower threat defense software	eq	6.2
cisco firepower threat defense software	eq	6.3
cisco adaptive security appliance (asa) software	eq	9.7.1
cisco adaptive security appliance (asa) software	eq	9.7.1.1
cisco adaptive security appliance (asa) software	eq	9.7.1.2
cisco adaptive security appliance (asa) software	eq	9.7.1.4