Guest

Preview Tool

Cisco Bug: CSCul70099 - ASA SSL VPN Privilege Escalation Vulnerability

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.1(1)

Description (partial)

Symptoms:
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities:

    Cisco ASA ASDM Privilege Escalation Vulnerability
    Cisco ASA SSL VPN Privilege Escalation Vulnerability
    Cisco ASA SSL VPN Authentication Bypass Vulnerability
    Cisco ASA SIP Denial of Service Vulnerability

These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the Cisco ASA ASDM Privilege Escalation Vulnerability and the Cisco ASA SSL VPN Privilege Escalation Vulnerability may
allow an attacker or an unprivileged user to elevate privileges and gain administrative access to the affected system.

Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass Vulnerability may allow an attacker to obtain unauthorized access to the
internal network via SSL VPN.

Successful exploitation of the Cisco ASA SIP Denial of Service Vulnerability may cause the exhaustion of available memory. This may cause system
instability and in some cases lead to a reload of the affected system, creating a denial of service (DoS) condition.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available for
some of the vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa

Conditions:
 See published Cisco Security Advisory
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.