cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1498
Views
5
Helpful
1
Replies
Highlighted
Beginner

CSCvi16029 - Cisco Adaptive Security Appliance WebVPN Denial of Service Vulnerability - 1

Ok so is anyone else seing problems with the supposedly fixed versions of ASA code

Advisory says if Unicorn Proxy Thread iexists you are vulnerable

 

Our ASA-5525-X is running 9.9(2.1) and we get the following

Show processes | include Unicorn

Mwe 0x00007fe6d525ec48 0x00007fe6b6bcc938 0x00007fe6dac6e4c0      33541 0x00007fe6a3a0f030 30512/32768 Unicorn Proxy Thread 222

so is it still vulnerable?

@PivotalPete "The only stupid question is the one you don't Ask." - A uni lecturer I had once Check Out our offerings at: http://www.pivotalnetworks.co.uk
Everyone's tags (4)
1 REPLY 1
Highlighted
Cisco Employee

Re: CSCvi16029 - Cisco Adaptive Security Appliance WebVPN Denial of Service Vulnerability - 1

Folks,

 

There are still some devices seeing this activity in the wild.  Please be sure to apply the recommended patches and follow guidance from Cisco Talos as outlined below.  There are snort signatures as well as web intelligence categories that will blacklist attackers attempting to scan for this.

 

https://blog.talosintelligence.com/2019/12/ASA-Bug-Attacked-In-The-Wild.html