NCC : Critical security vulnerability found in business firewalls

Critical security vulnerability found in business firewallsWhen exploited, this vulnerability known as CVE-2018-0101 allows the attacker to see all of the data passing through the system and provides them with administrative privileges, enabling them to remotely gain access to the network behind it. Targeting the vulnerability without a specially-crafted exploit would cause the firewall to crash and would potentially disrupt the connectivity to the network.

The global cyber security and risk mitigation expert found that the vulnerability affects routers and, because most firewalls are configured to provide VPN access, it affects most business using a Cisco ASA firewall.

Businesses can protect themselves by implementing a patch, which Cisco has been quick to release following the discovery of this vulnerability. It is also recommended that organisations consider upgrading their firewalls to one of the most recent branches in order to safeguard from potential zero-day vulnerabilities.

This vulnerability can only be triggered if remote AnyConnect or WebVPN access is enabled, which is a common configuration for these firewalls. Large enterprises or those with more sophisticated routers are potentially at more risk due to the increased capability for remote access.

Ollie Whitehouse, global chief technical officer at NCC Group, said: 'While this is an extremely serious vulnerability, it's important to commend Cisco for how swiftly the company took action when this issue was brought to its attention. The company has responded diligently and in reacting so quickly, has demonstrated best practice to the rest of the industry.

'The threat of cybercrime is more significant than it has ever been, and is one of the most serious threats affecting the business community. The fact that this vulnerability was found in a firewall designed to prevent unauthorised access only reinforces the fact that nothing can ever be 100% secure - spreading this knowledge is crucial.

'The best way businesses can mitigate the majority of these types of threats is by keeping their software, including operating systems and firewalls, up to date.'

ENDS

Notes to editors

NCC Group discovered a memory corruption vulnerability in the AnyConnect/WebVPN stack of Cisco ASA firewalls. It was given a CVSS rating of 10.0 (Critical) and was assigned CVE-2018-0101. It is pre-authentication vulnerability that NCC Group has confirmed can be exploited to achieve remote code execution. Triggering the bug without a specially crafted exploit will result in a remote denial of service.

Triggering the vulnerability requires that either WebVPN or AnyConnect is enabled. These two services are often exposed externally on the Internet since this is functionality that Cisco ASA devices are generally used for.

Published date: 31 January 2018