My ASA 5555 Version is 

Cisco Adaptive Security Appliance Software Version 9.8(2) Firepower Extensible Operating System Version 2.2(2.52) Device Manager Version 7.8(2)151

Webvpn is enable on my outside interface.

I am using Cisco ASA 5555 pair.

I dont see 9.8.2 listed in the Affected Releases as per URL:https://quickview.cloudapps.cisco.com/quickview/bug/CSCvg35618

do i need to upgrade the software?. Pls advise

The fix is for 9.8(2) is 9.8(2)14.

You say that but I was just told by TAC that that notice was not up to date and that we needed to look at the notice here:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg35618/?reffering_site=dumpcr

Literally 20 minutes ago.  Its really annoying and I prefer the article you mention because its easy to clearly see what revision we should be going to, the ID the rep in TAC gave me has about 10 versions for 9.8.2 that its "fixed in"

This is great!!  (sarcasm).... 

The Interim Release Notes for 9.8.2 show that CSCvg35618 was fixed in 9.8(2.8). 

https://www.cisco.com/web/software/280775065/139997/ASA-982-Interim-Release-Notes.html

The Bug shows the Known First Fixed as 9.8(2.12)

The PSIRT shows 9.8(2.14) as First Fixed.

Here is what I would do.   The latest Interim Release on the Cisco Download Site is 9.8(2.17).  I would install that version. 

HTH

Thanks Tim, I see you have run into the same thing I have been hit by myself.  Lets play russian roulette with Cisco bugs and hope we dont get bit!

I myself am on 9.9.1 currently, which is listed as "known fixed" but the other bug id page shows 9.9.1.2 as the resolved version.  TAC is saying we are good but the advisory is saying something else.  Currently in a waiting state here, don't know which Cisco resource to believe.

I see that.  The bug states 9.9(1) is Known Fixed.  The PSIRT states 9.9(1.2) is First Fixed, however when I look at the Cisco Download Site 9.9(1) has no Interim Releases available.  

The security researcher who discovered this did extensive deep dives into the ASA during the month of September. 

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/september/cisco-asa-series-part-one-intro-to-the-cisco-asa/

Assumptions Below

We can ASSUME that the researcher made Cisco aware of this in the September timeframe because he works for a White Hat Org. Plus, I've seen Fixed Interim versions of ASA OS in Nov 2017 & Dev 2017 (over a full month before we heard about this).  

My feeling is that Cisco just issued this PSIRT because the researcher is going to be discussing this vulnerability at a conference in Brussels on Friday Feb 2, 2018. 

https://recon.cx/2018/brussels/talks/cisco.html

Hi I am new to Cisco world and I would like to know if someone can advise if this vulnerability is applies to ASA 5505 ?

I went through the steps to check if my router is affected and I dont think so because it is not running a FTD Software Release, at least I could not see when I ran the command: show version

ASA5505# show version

 Cisco Adaptive Security Appliance Software Version 9.2(4)5

Device Manager Version 7.5(1)

Thanks 

Tom Menezes

Gotta love it! We are doing 9.6(4) because apparently 9.6(3).20 has a Bug that requires manually device reboot every 200+ days. 

---

@JazzyJ wrote:

Gotta love it! We are doing 9.6(4) because apparently 9.6(3).20 has a Bug that requires manually device reboot every 200+ days. 

---

That is CSCvd78303 and Field Notice can be found HERE.

Thanks for the link!

JazzyJ

I don't believe that is accurate. 

That Field Notice is HERE.

Leo also mentioned the Bug is HERE. 

Specifically, the bug shows that 9.6(3) is affected by CSCvd78303.  However, this was fixed in 9.6(3.1).

This bug is not present in 9.6(3.20).  See screen shot below. 

I hope this helps clarify. 

Tim

Please rate helpful posts.

Very helpful I was looking at the wrong item. Thank you!

J