Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
1876
Views
0
Helpful
9
Replies
Tim Glen
Beginner
Beginner
‎01-30-2018 01:45 PM
‎01-30-2018 01:45 PM

CSCvg35618 - Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability

In the Known Fixed Releases section of this bug, it states the bug is fixed in ASA 9.6(3.18). 

 

When I read the 9.6(3) Interim Release Notes the bug is not listed as being fixed.

https://www.cisco.com/web/software/280775065/137781/ASA-963-Interim-Release-Notes.html

 

Can anyone confirm this is resolved in the latest interim release which is 9.6(3.20) ? 

 

Thanks!


Tim

 

 

Labels:
1 person had this problem
0 Helpful
9 REPLIES 9
Leo Laohoo
VIP Community Legend VIP Community Legend
VIP Community Legend
‎01-30-2018 03:13 PM
‎01-30-2018 03:13 PM

The Release Notes takes time to get updated ("process" driven). I'd trust the Security Notice first.
0 Helpful
Tim Glen
Beginner
Beginner
In response to Leo Laohoo
‎01-30-2018 03:27 PM
‎01-30-2018 03:27 PM

So at 3 pm today I printed the Release Notes to a PDF so I could mark them up in my PDF reader. 

 

I opened a TAC case at 5 pm to discuss the confusion with an engineer.   When I was on the phone with the TAC engineer I refreshed the Release Notes on the web and the bug showed up.   Wa-la!   

 

Thanks,

 

Tim

0 Helpful
JRDIAZ758
Beginner
Beginner
In response to Tim Glen
‎02-05-2018 11:19 AM
‎02-05-2018 11:19 AM

 a TAC to us "Unfortunately version 9.6(1) it is affected, the fixed release is 9.6.3.20. We encourage to our customers to make the necessary upgrades that ensure security"

 

So we proceeded to upgrade to that version. Does this mean we will  need to upgrade again?

0 Helpful
Tim Glen
Beginner
Beginner
In response to JRDIAZ758
‎02-05-2018 11:39 AM
‎02-05-2018 11:39 AM

 

I agree with TAC that 9.6(1) is vulnerable. 

 

As of this weekend, slides have been made available that detail how to exploit this issue so upgrading to fixed version should be a priority. 

 

Please see the screenshot below for the versions that are known to be fixed.

Bug_Search.jpg

 

Hope this helps

0 Helpful
JRDIAZ758
Beginner
Beginner
In response to Tim Glen
‎02-05-2018 11:45 AM
‎02-05-2018 11:45 AM

I am already off 9.6.1  ... currently using 9.6.3.20...what i want to confirm if that one is now vulnerable ,,,

0 Helpful
Leo Laohoo
VIP Community Legend VIP Community Legend
VIP Community Legend
In response to JRDIAZ758
‎02-05-2018 11:48 AM
‎02-05-2018 11:48 AM

9.6(3)20 is not vulnerable.
0 Helpful
Ralphy006
Beginner
Beginner
In response to Leo Laohoo
‎02-05-2018 01:55 PM
‎02-05-2018 01:55 PM

Looks like 9.6.3.20 isnt good enough after an update to the bug report.

 

from tac “Initially, the fix for the issue was on 9.6(3)20 and above. However, after further research, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it was also found that the original fix was incomplete so new fixed code versions are now available to completely address the vulnerability.

If you want to fully fix the issue on your ASA 5545-X, you will need to upgrade to the version 9.6(4)3.”

0 Helpful
Tim Glen
Beginner
Beginner
In response to JRDIAZ758
‎02-05-2018 04:41 PM
‎02-05-2018 04:41 PM

@JRDIAZ758 

The slides from the Recon Conference are now public and I imagine exploit tools are being created right now.

 

The PSIRT was updated today. 9.6(3.20) is no longer considered Fixed.  For 9.6.x the First Fixed is now 9.6(4.3), see screenshot below.  Hope this helps,  Tim

 

Cisco_Systems.jpg

0 Helpful
Leo Laohoo
VIP Community Legend VIP Community Legend
VIP Community Legend
In response to Tim Glen
‎02-05-2018 10:33 PM
‎02-05-2018 10:33 PM

The reason why the table has been updated is because they've added a different vulnerability on top of the original one (adding to the confusion).
0 Helpful
Latest Contents
CSCud62892 - UCCX Maximum Length of Agent IDs Inconsistent
Created by Michael Hargrove on 04-14-2021 10:20 AM
0
0
0
0
This issue has been resolved in 12.5(1) SU1 Unified CCX now supports Agent ID with 64 alphanumeric characters.
SNTC PORTAL ACTIVATION
Created by soboliva on 03-24-2021 02:42 PM
0
0
0
0
Hi!    Yesterday I request that the CCOID of one of my customers get linked within the SNT  contract for them to be able to have a SNTC portal, however no portal is up after 30 hours 
CSCvc94546 - UCCX Finesse fails to log in agents with error ...
Created by jorgefl on 02-24-2021 11:55 AM
0
5
0
5
Full analysis if the problem  The root cause behind this problem is the delay in sync between CUCM and CCX. CCX and CUCM has an automated sync mechanism which might vary from 5 - 10 minutes based on various parameters. Also there is an option to sync... view more
Wireless TAC Tools: Tips and Tricks - Support Talks FAQ
Created by ciscomoderator on 02-18-2021 11:47 AM
0
0
0
0
This event had place on Thursday 14th, Janaury at 9:30 hrs PDT -This Support Talk event is a special session of the “TAC Tools Explained Series”-  Introduction This event provides a practical introduction to Cisco’s TAC Wireless tools, their featur... view more
Wireless TAC Tools: Tips and Tricks - Video
Created by ciscomoderator on 02-17-2021 12:27 PM
0
0
0
0
Support Talks video- Wireless TAC Tools: Tips and Tricks  (Live event -  Thursday 11 February, 2020 at 9:30 am Pacific/ 12:30 pm Eastern / 6:30 pm Paris) -This Support Talk event is a special session of the “TAC Tools Explained Series”- This ev... view more