Guest

Preview Tool

Cisco Bug: CSCup54184 - Cisco ASA SharePoint RAMFS Integrity and Lua Injection Vulnerability

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.0(1.28) 8.6(0) 8.7(1) 9.0(3) 9.2(1) 9.3(1)

Description (partial)

Symptoms:
A vulnerability in the SSL VPN code of Cisco ASA Software could allow an authenticated, remote attacker to overwrite arbitrary file present on
the RAMFS file system or inject Lua scripts.

The vulnerability is due to insufficient validation of the code that handled session information of the SSL VPN when a sharepoint handled is
created. A sharepoint handler is created when a valid sharepoint connection is initiated.. An attacker could exploit this vulnerability by
sending crafted HTTP request to the affected system. SSL VPN feature needs to be configured for the system to be vulnerable.

An exploit could allow the attacker to overwrite arbitrary file on the RAMFS cache or inject lua scripts. As results an attacker can cause a
denial of service to the Clientless SSL VPN portal or potentially cause the reload of the system.

This vulnerability was reported to Cisco by Alec STUART-MUIRK

Conditions:
SSL VPN should be configured on the system. Additionally a Sharepoint handled needs to be present in order to exploit this issue.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.