Cisco Bug: CSCup54184 - Cisco ASA SharePoint RAMFS Integrity and Lua Injection Vulnerability
Apr 16, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
8.0(1.28) 8.6(0) 8.7(1) 9.0(3) 9.2(1) 9.3(1)
Symptoms: A vulnerability in the SSL VPN code of Cisco ASA Software could allow an authenticated, remote attacker to overwrite arbitrary file present on the RAMFS file system or inject Lua scripts. The vulnerability is due to insufficient validation of the code that handled session information of the SSL VPN when a sharepoint handled is created. A sharepoint handler is created when a valid sharepoint connection is initiated.. An attacker could exploit this vulnerability by sending crafted HTTP request to the affected system. SSL VPN feature needs to be configured for the system to be vulnerable. An exploit could allow the attacker to overwrite arbitrary file on the RAMFS cache or inject lua scripts. As results an attacker can cause a denial of service to the Clientless SSL VPN portal or potentially cause the reload of the system. This vulnerability was reported to Cisco by Alec STUART-MUIRK Conditions: SSL VPN should be configured on the system. Additionally a Sharepoint handled needs to be present in order to exploit this issue.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases