CVE-2018-0101 : A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device. This vulnerability affects Cisco ASA Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, Firepower Threat Defense Software (FTD). Cisco Bug IDs: CSCvg35618.

Published 2018-01-29 20:29:00

Updated 2023-08-15 15:24:56

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2018-0101

Cisco » Adaptive Security Appliance Software
Versions before (<) 9.1.7.23
cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Matching versions
Cisco » Adaptive Security Appliance Software
Versions from including (>=) 9.2.0 and before (<) 9.2.4.27
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Matching versions
Cisco » Adaptive Security Appliance Software
Versions from including (>=) 9.7.0 and before (<) 9.7.1.21
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Matching versions
Cisco » Adaptive Security Appliance Software
Versions from including (>=) 9.5.0 and before (<) 9.6.4.3
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Matching versions
Cisco » Adaptive Security Appliance Software
Versions from including (>=) 9.8.0 and before (<) 9.8.2.20
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Matching versions
Cisco » Adaptive Security Appliance Software
Versions from including (>=) 9.9.0 and before (<) 9.9.1.2
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Matching versions
Cisco » Adaptive Security Appliance Software
Versions from including (>=) 9.3.0 and before (<) 9.4.4.16
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Matching versions
Cisco » Firepower Threat Defense » Version: 6.1.0
cpe:2.3:a:cisco:firepower_threat_defense:6.1.0:*:*:*:*:*:*:*
Matching versions
Cisco » Firepower Threat Defense » Version: 6.0.1
cpe:2.3:a:cisco:firepower_threat_defense:6.0.1:*:*:*:*:*:*:*
Matching versions
Cisco » Firepower Threat Defense » Version: 6.0.0
cpe:2.3:a:cisco:firepower_threat_defense:6.0.0:*:*:*:*:*:*:*
Matching versions
Cisco » Firepower Threat Defense » Version: 6.2.0
cpe:2.3:a:cisco:firepower_threat_defense:6.2.0:*:*:*:*:*:*:*
Matching versions
Cisco » Firepower Threat Defense » Version: 6.2.2
cpe:2.3:a:cisco:firepower_threat_defense:6.2.2:*:*:*:*:*:*:*
Matching versions
Cisco » Firepower Threat Defense » Version: 6.2.1
cpe:2.3:a:cisco:firepower_threat_defense:6.2.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-0101

EPSS FAQ

90.93%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-0101

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
10.0	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	3.9	6.0	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-0101

CWE-415 Double Free

The product calls free() twice on the same memory address.
Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)

References for CVE-2018-0101

https://www.exploit-db.com/exploits/43986/

Cisco ASA - Crash (PoC)
Exploit;Third Party Advisory;VDB Entry
https://icanthackit.wordpress.com/2018/01/30/thoughts-on-the-handling-cve-2018-0101-cisco-bug-cscvg35618/

Thoughts on the handling CVE-2018-0101 / Cisco Bug CSCvg35618 – I CAN'T HACK IT …OR CAN I?
Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
Vendor Advisory
http://www.securitytracker.com/id/1040292

Cisco ASA Double-Free Memory Error in SSL VPN Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTracker
Third Party Advisory;VDB Entry
https://pastebin.com/YrBcG2Ln

[Python] Cisco ASA CVE-2018-0101 Crash PoC - Pastebin.com
Exploit;Third Party Advisory
http://www.securityfocus.com/bid/102845

Cisco Adaptive Security Appliance CVE-2018-0101 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2018-0101

Products affected by CVE-2018-0101

Exploit prediction scoring system (EPSS) score for CVE-2018-0101

CVSS scores for CVE-2018-0101

CWE ids for CVE-2018-0101

References for CVE-2018-0101