Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability – CVE-2018-0101

Perhaps the foundation of java and xml. They are unusual and change the cyber world atmosphere. Cisco found threat actor can crafted xml causes denial of services from Cisco firewall. The official announcement just post last week. Now a additional new issue found on VPN tunnel function. As mentioned last week, XML memory Exploit not a new topic. It announced in RSA conference on 2016.The concept idea shown as below:

MS XML Exploit:

  1. Double free memory vulnerability in MSXML3.dll
  2. Invokable with IE
  3. Validating DTDs (Document Type Defintion) in an XML document
  4. Invalid forward ID references
  5. Memory occupied by a forward reference object is freed twice
  6. Present in older heap manager used

Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

3 thoughts on “Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability – CVE-2018-0101”

  1. Quality content is the key to invite the users to pay a quick visit the web page, that’s what this site is providing.

  2. Thank you, I have recently been searching for information approximately this subject for a while and yours
    is the greatest I have found out so far. But, what concerning the bottom line?
    Are you positive concerning the source?

  3. I hope you all are having a great weekend. I added a new list. This one is smaller, but still useful. I think the next one will be bigger.

Comments are closed.