Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2299
Views
5
Helpful
1
Replies

CSCvi16029 - Cisco Adaptive Security Appliance WebVPN Denial of Service Vulnerability - 1

Peter Marquis
Level 1
Level 1

‎06-29-2018 04:36 AM - edited ‎03-20-2019 10:16 PM

Ok so is anyone else seing problems with the supposedly fixed versions of ASA code

Advisory says if Unicorn Proxy Thread iexists you are vulnerable

 

Our ASA-5525-X is running 9.9(2.1) and we get the following

Show processes | include Unicorn

Mwe 0x00007fe6d525ec48 0x00007fe6b6bcc938 0x00007fe6dac6e4c0      33541 0x00007fe6a3a0f030 30512/32768 Unicorn Proxy Thread 222

so is it still vulnerable?

@PivotalPete "The only stupid question is the one you don't Ask." - A uni lecturer I had once Check Out our offerings at: http://www.pivotalnetworks.co.uk
11 people had this problem
Labels:
0 Helpful
1 Reply 1

mor@cisco.com
Cisco Employee
Cisco Employee

‎03-06-2020 03:11 PM

Folks,

 

There are still some devices seeing this activity in the wild.  Please be sure to apply the recommended patches and follow guidance from Cisco Talos as outlined below.  There are snort signatures as well as web intelligence categories that will blacklist attackers attempting to scan for this.

 

https://blog.talosintelligence.com/2019/12/ASA-Bug-Attacked-In-The-Wild.html

Customers Also Viewed These Support Documents