01-30-2018 01:47 PM - edited 03-20-2019 09:51 PM
I am confused by this bug.
My ASA 5510 Version is
Cisco Adaptive Security Appliance Software Version 9.1(7)13
Device Manager Version 7.7(1)
Webvpn is enabled on my outside interface.
I am using Cisco ASA 5510 pair.
I can see 9.1(7.20) is in the fixed releases. Do I need to upgrade the software?
01-30-2018 02:04 PM
The version you are running is affected by this bug / vulnerability, so yes, you do need to upgrade your ASA OS.
Here is a link to the Interim Release Notes. Unfortunately, the RN do not explicitly state that this bug, CSCvg35618, was fixed in any version.
https://www.cisco.com/web/software/280775065/131523/ASA-917-Interim-Release-Notes.html
01-30-2018 03:14 PM
The Release Notes take time to get updated ("process" driven). Due to the nature of the business unit, the Security Notices get updated very regularly. So the Release Notes will be updated further down the track.
01-31-2018 12:59 AM
My ASA 5555 Version is
Cisco Adaptive Security Appliance Software Version 9.8(2)
Firepower Extensible Operating System Version 2.2(2.52)
Device Manager Version 7.8(2)151
Webvpn is enabled on my outside interface.
I am using Cisco ASA 5555 pair.
I don't see 9.8.2 listed in the Affected Releases as per URL: https://quickview.cloudapps.cisco.com/quickview/bug/CSCvg35618
Do I need to upgrade the software? Please advise.
01-31-2018 01:07 AM - edited 01-31-2018 01:07 AM
The fix for 9.8(2) is 9.8(2)14.
01-31-2018 08:53 AM
You say that but I was just told by TAC that that notice was not up to date and that we needed to look at the notice here:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg35618/?reffering_site=dumpcr
Literally 20 minutes ago. It's really annoying, and I prefer the article you mention because it's easy to clearly see what revision we should be going to. The ID the rep in TAC gave me has about 10 versions for 9.8.2 that it's "fixed in".
01-31-2018 09:12 AM - edited 01-31-2018 09:23 AM
This is great!! (sarcasm)....
The Interim Release Notes for 9.8.2 show that CSCvg35618 was fixed in 9.8(2.8).
https://www.cisco.com/web/software/280775065/139997/ASA-982-Interim-Release-Notes.html
The Bug shows the Known First Fixed as 9.8(2.12)
The PSIRT shows 9.8(2.14) as First Fixed.
Here is what I would do. The latest Interim Release on the Cisco Download Site is 9.8(2.17). I would install that version.
HTH
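An added example (not part of the original post, and not Cisco code): a small Python check that normalises the ASA version notations used in this thread and compares a running build against the three first-fixed builds quoted above. The function names are hypothetical, and treating 9.1(7)13 as the same build as 9.1(7.13) is an assumption.

```python
import re

# Notations seen in this thread: 9.1(7)13, 9.1(7.20), 9.8(2), 9.9.1.2, 9.6(3).20
_ASA_VERSION = re.compile(
    r"^(\d+)\.(\d+)(?:\((\d+)(?:\.(\d+))?\)|\.(\d+))(?:\.?(\d+))?$"
)

def parse_asa_version(text):
    """Return (major, minor, maintenance, interim); interim defaults to 0.

    Assumption: an interim number written after the parenthesis, as in
    9.1(7)13, means the same build as one written inside it, 9.1(7.13).
    """
    m = _ASA_VERSION.match(text.strip())
    if not m or (m.group(4) and m.group(6)):
        raise ValueError(f"unrecognised ASA version string: {text!r}")
    maintenance = int(m.group(3) or m.group(5))
    interim = int(m.group(4) or m.group(6) or 0)
    return (int(m.group(1)), int(m.group(2)), maintenance, interim)

def check_against_sources(running, first_fixed_by_source):
    """Map each source to True if `running` is at or past its first-fixed build."""
    run = parse_asa_version(running)
    verdicts = {}
    for source, fixed in first_fixed_by_source.items():
        fix = parse_asa_version(fixed)
        if fix[:2] != run[:2]:
            # Fixed builds are listed per release train; do not compare across trains.
            raise ValueError(f"{fixed} is not in the same train as {running}")
        verdicts[source] = run >= fix
    return verdicts

def strictest_first_fixed(first_fixed_by_source):
    """The highest first-fixed build any source claims: the conservative target."""
    return max(first_fixed_by_source.values(), key=parse_asa_version)

# First-fixed builds for CSCvg35618 on 9.8(2) as reported in the post above.
REPORTED_9_8_2 = {
    "interim release notes": "9.8(2.8)",
    "bug search": "9.8(2.12)",
    "PSIRT advisory": "9.8(2.14)",
}

if __name__ == "__main__":
    for build in ("9.8(2)", "9.8(2.12)", "9.8(2.17)"):
        print(build, check_against_sources(build, REPORTED_9_8_2))
    print("conservative minimum:", strictest_first_fixed(REPORTED_9_8_2))
```

When the sources disagree, a build only counts as covered if every verdict is true, which is why a build at or above the highest claimed first-fixed release is the conservative choice.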
01-31-2018 09:24 AM - edited 01-31-2018 09:26 AM
Thanks Tim, I see you have run into the same thing I have been hit by myself. Let's play Russian roulette with Cisco bugs and hope we don't get bit!
I myself am on 9.9.1 currently, which is listed as "known fixed" but the other bug id page shows 9.9.1.2 as the resolved version. TAC is saying we are good but the advisory is saying something else. Currently in a waiting state here, don't know which Cisco resource to believe.
01-31-2018 09:35 AM
I see that. The bug states 9.9(1) is Known Fixed. The PSIRT states 9.9(1.2) is First Fixed; however, when I look at the Cisco Download Site, 9.9(1) has no Interim Releases available.
The security researcher who discovered this did extensive deep dives into the ASA during the month of September.
Assumptions Below
We can ASSUME that the researcher made Cisco aware of this in the September timeframe because he works for a White Hat Org. Plus, I've seen Fixed Interim versions of ASA OS in Nov 2017 & Dec 2017 (over a full month before we heard about this).
My feeling is that Cisco just issued this PSIRT because the researcher is going to be discussing this vulnerability at a conference in Brussels on Friday Feb 2, 2018.
https://recon.cx/2018/brussels/talks/cisco.html
01-31-2018 05:12 PM
Hi, I am new to the Cisco world and I would like to know if someone can advise whether this vulnerability applies to the ASA 5505?
I went through the steps to check if my router is affected and I don't think so because it is not running an FTD Software Release, at least I could not see one when I ran the command: show version
ASA5505# show version
Cisco Adaptive Security Appliance Software Version 9.2(4)5
Device Manager Version 7.5(1)
Thanks
Tom Menezes
01-31-2018 08:01 PM
Gotta love it! We are doing 9.6(4) because apparently 9.6(3).20 has a Bug that requires a manual device reboot every 200+ days.
01-31-2018 10:23 PM - edited 01-31-2018 10:53 PM
@JazzyJ wrote:
Gotta love it! We are doing 9.6(4) because apparently 9.6(3).20 has a Bug that requires a manual device reboot every 200+ days.
That is CSCvd78303 and Field Notice can be found HERE.
01-31-2018 10:46 PM
Thanks for the link!
02-01-2018 10:19 AM
JazzyJ
I don't believe that is accurate.
That Field Notice is HERE.
Leo also mentioned the Bug is HERE.
Specifically, the bug shows that 9.6(3) is affected by CSCvd78303. However, this was fixed in 9.6(3.1).
This bug is not present in 9.6(3.20). See screen shot below.
I hope this helps clarify.
Tim
Please rate helpful posts.
02-01-2018 10:30 AM
Very helpful, I was looking at the wrong item. Thank you!
J