Finding Devices Vulnerable and Exposed to CVE-2018-0101 with RedSeal

Summary

Cisco has disclosed a critical CVSS 10 vulnerability in ASA that can allow an uncredentialled user to take over the vulnerable device and change access rules. RedSeal has published a custom best practice check for customers to detect vulnerable devices that have the offending service (WebVPN) enabled.

What is it?

On January 29th, 2018, Cisco disclosed a critical vulnerability (CVE-2018-0101: Cisco Advisory, NVD Link) in the Cisco ASA software that runs on Cisco firewalls and other network devices. On January 30th, the advisory was updated to reflect the newly issued severity score of CVSS 10 – the highest possible score. The vulnerability is in the WebVPN feature of ASA. An uncredentialled attacker with access to the WebVPN portal can exploit the vulnerability to take over the device and execute arbitrary code, or force the device to restart.

What is the impact?

The WebVPN service is often exposed on firewalls, particularly on edge devices mediating access from untrusted networks into an organization’s private networks. A successful exploit of this vulnerability can allow the attacker to take over the device and change any routing or access rules on it to open access from untrusted networks, leading to infiltration of the corporate network. Alternatively, the exploited device can be forced to restart, resulting in a denial of service for anyone who depends on access that goes through the device.

Impacted Devices:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)

Mitigation and Remediation – How can RedSeal help?

Cisco is currently rolling out patches to the impacted devices. RedSeal has developed a custom best practice check (CBPC) and made it freely available to customers to quickly identify vulnerable devices anywhere on their network with the WebVPN service enabled. The CBPC can be manually imported into RedSeal to quickly and accurately identify which devices are vulnerable and in need of patching or other mitigation.
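For teams that want to triage exported configurations by hand, the following added example (not RedSeal's CBPC and not code from Cisco) shows the kind of test such a check performs: it reads an ASA running-config as text and reports each interface on which the WebVPN portal is enabled, with that interface's security level. It assumes the standard ASA layout of a top-level `webvpn` block containing `enable <nameif>` lines; the sample configuration and function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
webvpn
 enable outside
 anyconnect enable
group-policy GP1 attributes
 webvpn
  anyconnect ask none default anyconnect
"""


def top_level_blocks(config):
    """Yield (header, body) for each unindented line and its indented children."""
    for chunk in re.split(r"^(?=\S)", config, flags=re.M):
        header, _, body = chunk.partition("\n")
        if header.strip() and not header.startswith("!"):
            yield header.strip(), body


def webvpn_exposure(config):
    """Return [(nameif, security_level)] for interfaces with WebVPN enabled."""
    levels, enabled = {}, []
    for header, body in top_level_blocks(config):
        if header.startswith("interface "):
            name = re.search(r"^ nameif (\S+)", body, re.M)
            level = re.search(r"^ security-level (\d+)", body, re.M)
            if name:
                levels[name.group(1)] = int(level.group(1)) if level else None
        elif header == "webvpn":
            # Only the global webvpn block counts. The indented "webvpn" under
            # group-policy and lines such as " anyconnect enable" do not match.
            enabled += re.findall(r"^ enable (\S+)[ \t]*$", body, re.M)
    return [(n, levels.get(n)) for n in enabled]


if __name__ == "__main__":
    for nameif, level in webvpn_exposure(SAMPLE):
        print(f"WebVPN enabled on '{nameif}' (security-level {level})")
```

A hit on a low security-level interface corresponds to the edge exposure described under "What is the impact?" and is the natural place to start patching.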

Defense Department’s Secret Weapon for Network Security

Nextgov | Jan 30, 2018

By Ray Rothrock, Chief Executive Officer

I have something potentially wildly unpopular to suggest: If you work for or run an organization that deals with human beings and the data that goes with them, and if you are concerned about the security of that data, look to the Defense Department for a solution.

The federal government, which has suffered some high-profile breaches recently, is notably tight-lipped about its cybersecurity strategies, but Defense has been instructive on the topic. The department operates in an environment in which cyberattacks are a persistent threat and as a result, its approach is very different from civilian agencies and many private-sector businesses—and far more successful.

IoT: Why It Is Vulnerable

Security Advisor Middle East | Jan 16, 2018 | Pages 22-23

Feat. Dr. Mike Lloyd, RedSeal CTO

The Internet of Things – the connecting of billions of everyday and industrial devices using tiny sensors that transmit data and share information in the cloud – is revolutionising the way we live and do business.

IoT platforms are expected to save money, improve decision-making, increase staff productivity, provide better visibility into the organization and improve the customer experience. All this potential comes with some big security risks – mainly with the unsecured devices themselves, but also with their ability to join forces to bring down systems. This can leave corporate networks vulnerable.

Seven Important Steps Law Enforcement And Government Agencies Can Take To Combat Hackers

Forbes | Jan 10, 2018

By Dr. Mike Lloyd, RedSeal CTO

It’s been a tough year for cyberattacks. As if WannaCry and NotPetya weren’t damaging enough, a strain called BadRabbit infected hundreds of computers in October in an “apparent aftershock” of NotPetya. Although the victims of BadRabbit have been concentrated in Europe, the global community is now more aware and anxious than ever about widespread ransomware attacks. But whose responsibility is it to prevent — or at least minimize — the damage done by malicious hackers?

Some believe that law enforcement and government agencies should take the wheel when it comes to cybersecurity education and best practices. Here’s what members of Forbes Technology Council had to say.

RedSeal Named GSN HSA Awards Gold Winner for Best Cyber Operational Risk Intelligence

Government Security News | Jan 8, 2018

We are pleased to announce that RedSeal has been named the 2017 Homeland Security Awards Gold winner for Best Cyber Operational Risk Intelligence by Government Security News Magazine. Judging in this category is based on a combination of client organization, technological innovation or improvement, filling a recognized government IT security need and flexibility of a solution to meet current and future organizational needs.

How 3 Innovative Products Approach Network Security

CSO | Jan 2, 2018

A few years ago, almost all enterprise cyber security products were centered within the network security category. Protecting the backend servers that ran organizations was everything. Even today, with an increased focus on cloud, virtualization and enterprise-level endpoint security, protecting the core network is still a primary concern for most organizations.

Here’s a look at how some of the most innovative network security products keep users, assets and data safe within their home networks.

Top Cyber Security Predictions for 2018

IT World Canada | Jan 2, 2018

A new year always brings predictions. When it comes to cyber security, the over-arching prediction from experts is that threats will only get more complex. That means the security team will have to be even sharper than they were in 2017.

Here’s a roundup of what a number of cyber security solution providers see for the next 12 months: