Lucene search

CiscoCISCO-SA-ASAFTD-RULE-BYPASS-P73ABNWQ

HistoryOct 21, 2020 - 4:00 p.m.

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Portal Access Rule Bypass Vulnerability

2020-10-2116:00:00

tools.cisco.com

cisco

adaptive security appliance

firepower threat defense

webvpn

portal access

bypass

vulnerability

software

update

remote attacker

configuration

urls

validation

security advisory

EPSS

0.002

Percentile

55.7%

JSON

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software [“#fs”] section of this advisory. See the Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy”] for additional information.

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked.

The vulnerability is due to insufficient validation of URLs when portal access rules are configured. An attacker could exploit this vulnerability by accessing certain URLs on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rule-bypass-P73ABNWQ [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rule-bypass-P73ABNWQ”]

Affected configurations

Vulners

Node

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.12

ciscoasa_5500-x_series_ips_ssp_softwareMatchany

ciscoindustrial_security_appliances_3000_firmwareMatchany

ciscofirepower_9000_firmwareMatchany

ciscofirepower_4100_next-generation_firewall_firmwareMatchany

ciscoadaptive_security_virtual_applianceMatchany

ciscofirepower_threat_defense_softwareMatchany

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.1.5

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.2.17

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.2.20

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.2.35

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.3.21

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.4

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.4.7

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.4.15

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.4.22

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.12.3.2

ciscoasaMatch5500-x_series_firewalls

ciscoadaptive_security_appliance_softwareMatch3000_series_industrial_security_appliances_\(isa\)

ciscoadaptive_security_appliance_softwareMatch9000_series

ciscoadaptive_security_appliance_softwareMatch4100_series

ciscoadaptive_security_virtual_applianceMatchany

ciscofirepower_threat_defense_softwareMatchany

ciscoadaptive_security_appliance_softwareMatch4100_series

ciscoasaMatch5500-x_series_firewalls

ciscoadaptive_security_appliance_softwareMatch9000_series

ciscoadaptive_security_appliance_softwareMatch3000_series_industrial_security_appliances_\(isa\)

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.3.21_when_installed_on_cisco_adaptive_security_virtual_appliance_\(asav\)

ciscoasaMatch5500-x_series_firewalls

ciscoadaptive_security_appliance_softwareMatch3000_series_industrial_security_appliances_\(isa\)

ciscoadaptive_security_appliance_softwareMatch4100_series

ciscoasaMatch5500-x_series_firewalls

ciscoadaptive_security_appliance_softwareMatch9000_series

VendorProductVersionCPE
ciscocisco_adaptive_security_appliance_\(asa\)_software9.8cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8:*:*:*:*:*:*:*
ciscocisco_adaptive_security_appliance_\(asa\)_software9.12cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.12:*:*:*:*:*:*:*
ciscoasa_5500-x_series_ips_ssp_softwareanycpe:2.3:a:cisco:asa_5500-x_series_ips_ssp_software:any:*:*:*:*:*:*:*
ciscoindustrial_security_appliances_3000_firmwareanycpe:2.3:o:cisco:industrial_security_appliances_3000_firmware:any:*:*:*:*:*:*:*
ciscofirepower_9000_firmwareanycpe:2.3:o:cisco:firepower_9000_firmware:any:*:*:*:*:*:*:*
ciscofirepower_4100_next-generation_firewall_firmwareanycpe:2.3:o:cisco:firepower_4100_next-generation_firewall_firmware:any:*:*:*:*:*:*:*
ciscoadaptive_security_virtual_applianceanycpe:2.3:a:cisco:adaptive_security_virtual_appliance:any:*:*:*:*:*:*:*
ciscofirepower_threat_defense_softwareanycpe:2.3:a:cisco:firepower_threat_defense_software:any:*:*:*:*:*:*:*
ciscocisco_adaptive_security_appliance_\(asa\)_software9.8.1.5cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8.1.5:*:*:*:*:*:*:*
ciscocisco_adaptive_security_appliance_\(asa\)_software9.8.2.17cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8.2.17:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	cisco_adaptive_security_appliance_\(asa\)_software	9.8	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8:::::::*
cisco	cisco_adaptive_security_appliance_\(asa\)_software	9.12	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.12:::::::*
cisco	asa_5500-x_series_ips_ssp_software	any	cpe:2.3:a:cisco:asa_5500-x_series_ips_ssp_software:any:::::::*
cisco	industrial_security_appliances_3000_firmware	any	cpe:2.3:o:cisco:industrial_security_appliances_3000_firmware:any:::::::*
cisco	firepower_9000_firmware	any	cpe:2.3:o:cisco:firepower_9000_firmware:any:::::::*
cisco	firepower_4100_next-generation_firewall_firmware	any	cpe:2.3:o:cisco:firepower_4100_next-generation_firewall_firmware:any:::::::*
cisco	adaptive_security_virtual_appliance	any	cpe:2.3:a:cisco:adaptive_security_virtual_appliance:any:::::::*
cisco	firepower_threat_defense_software	any	cpe:2.3:a:cisco:firepower_threat_defense_software:any:::::::*
cisco	cisco_adaptive_security_appliance_\(asa\)_software	9.8.1.5	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8.1.5:::::::*
cisco	cisco_adaptive_security_appliance_\(asa\)_software	9.8.2.17	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8.2.17:::::::*