Beginner

ASA 5520 9.1(7)23 and Bug CSCvp36425

Good evening everyone.

The bug I referenced above is high severity, and I happen to have an old end-of-life ASA 5520 that shows on the "Products confirmed not vulnerable" list. My general concern is that I ran the "show asp table socket | i SSL|DTLS" command and got a similar output showing that it could be vulnerable.

 

Just wanted to get someone else's opinion on it.  Again this ASA is end of life and it's being decommissioned once we migrate everything that it's doing off to the new firewall.  Appreciate any info.

 

# sh ver

Cisco Adaptive Security Appliance Software Version 9.1(7)23 

Device Manager Version 7.9(1)

 

# sh asp table socket | include SSL|DTLS

SSL       001c9728  LISTEN     1**.1**.1**.1**:443                           0.0.0.0:*                                    

SSL       001cfe48  LISTEN     1**.1**.2**.2**:443                             0.0.0.0:*                                    

DTLS      001d0308  LISTEN     1**.1**.1**.1**:443                           0.0.0.0:*                                    

Hall of Fame Master

Re: ASA 5520 9.1(7)23 and Bug CSCvp36425

Your ASA 5520 is not vulnerable to this bug.

As noted in the Security Advisory, "This vulnerability applies only to the ASA hardware platforms that use a specific cryptographic driver for SSL and TLS packet decryption and encryption."

The vulnerable products (ASA 5506, 5508 and 5516 series) all have a common cryptographic driver due to their use of a chipset (Cavium Octeon III 7130) unique to that hardware.

Ironically that chipset is intended to make the hardware platforms MORE secure. That is coincidentally why they all use the unique images with the "lfbff" string in the image name indicating digitally signed and verified images.

Beginner

Re: ASA 5520 9.1(7)23 and Bug CSCvp36425

Can anyone please confirm whether this bug is also hitting ASA Software Version 9.4(4)16 on an ASA 5516-X with FirePOWER services? Because I don't see any sessions opened in the output below, based on Cisco.

We have AnyConnect running on this appliance.

sec/act/asa5516# sh asp tabl sock | i SSL|DTLS
SSL 000014a8 LISTEN 1X.X.X.1:443 0.0.0.0:*
SSL 000032e8 LISTEN X.X.X.X:443 0.0.0.0:*
DTLS 00112f38 LISTEN X.X.X.X:443 0.0.0.0:*
SSL 013c3fb8 ESTAB 1X.X.1.1:443 1X.X.X.X:63877
SSL 0065f498 ESTAB 1X.X.1.1:443 1X.X.X.X:63881

 

Hall of Fame Master

Re: ASA 5520 9.1(7)23 and Bug CSCvp36425

@kumarpadala yes your platform is affected given the 9.4(4)16 software version you are running.

I'd recommend you upgrade to one of the "gold star" releases listed here:

https://software.cisco.com/download/home/286285782/type/280775065/release/9.9.2%20Interim
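
The triage described in the replies above, as an added example that is not part of the original thread or any Cisco tooling: SSL/DTLS listeners in the `show asp table socket` output matter only when the hardware is one of the platforms named in the reply (5506, 5508, 5516). The model string argument and the sample rows (documentation addresses, made-up handles) are constructed, and the script does not judge software versions, which still have to be checked against the advisory.

```python
import re

# Platform families the reply names as sharing the affected crypto driver.
AFFECTED_SERIES = {"5506", "5508", "5516"}

# One row of 'show asp table socket': proto, handle, state, local, foreign.
ROW_RE = re.compile(
    r"^(SSL|DTLS)\s+([0-9a-fA-F]+)\s+(\S+)\s+(\S+:\S+)\s+(\S+:\S+)$")

def parse_sockets(output):
    """Return (proto, handle, state, local, foreign) for each SSL/DTLS row."""
    rows = []
    for line in output.splitlines():
        m = ROW_RE.match(line.strip())
        if m:  # prompts, blank lines and other protocols are skipped
            rows.append(m.groups())
    return rows

def triage(model, socket_output):
    """Combine hardware series with socket state; model is operator-supplied."""
    series = re.search(r"55\d\d", model)
    in_scope = bool(series) and series.group(0) in AFFECTED_SERIES
    rows = parse_sockets(socket_output)
    listeners = sum(1 for r in rows if r[2] == "LISTEN")
    established = sum(1 for r in rows if r[2] == "ESTAB")
    if not in_scope:
        verdict = "not an affected platform; listeners alone do not indicate exposure"
    elif listeners:
        verdict = "affected platform with SSL/DTLS listeners; check release against advisory"
    else:
        verdict = "affected platform; no SSL/DTLS listeners in this output"
    return {"in_scope": in_scope, "listeners": listeners,
            "established": established, "verdict": verdict}

# Constructed sample output (documentation addresses, made-up handles).
SAMPLE_5520 = """\
asa# sh asp table socket | include SSL|DTLS
SSL       0000a001  LISTEN     192.0.2.10:443        0.0.0.0:*
SSL       0000a002  LISTEN     198.51.100.10:443     0.0.0.0:*
DTLS      0000a003  LISTEN     192.0.2.10:443        0.0.0.0:*
"""
SAMPLE_5516 = SAMPLE_5520 + """\
SSL       0000a004  ESTAB      192.0.2.10:443        203.0.113.5:63877
SSL       0000a005  ESTAB      192.0.2.10:443        203.0.113.5:63881
"""

if __name__ == "__main__":
    for model, sample in (("ASA 5520", SAMPLE_5520), ("ASA 5516-X", SAMPLE_5516)):
        print(model, triage(model, sample))
```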

 

Beginner

Re: ASA 5520 9.1(7)23 and Bug CSCvp36425

Thanks a lot, Marvin, for your quick reply. I appreciate your help on this.