cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
900
Views
1
Helpful
2
Replies

Found CVE-2018-0101 on ASA 9.12.4.67 which is released 2024

Loc120287
Level 1
Level 1

Hi,

My security team ran a monthly VULNERABILITY scan and found CVE-2018-0101 on our ASA. 

We upgrade our  ASA quite often. By the time it was scanned, It had the latest version of ASA OS which is  9.12.4.67

I checked the link for the bug.  Our ASA is not in the effected OS of the bug.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

Is it safe to say it is a false positve here?

Thanks

Loc

1 Accepted Solution

Accepted Solutions

You're right, there appears to be a discrepancy.

CVE-2018-0101 Details: This CVE refers to a critical vulnerability in Cisco ASA's SSL VPN functionality identified in 2018. It allowed attackers to remotely execute code or reload the device.

Cisco ASA 9.12.4.67: This version was released in 2024, after the initial discovery and patching of CVE-2018-0101.

Cisco Security Advisory: The link you provided confirms that the vulnerable versions were patched in 2018.

Considering these points, it's highly likely that this is a false positive.

Here's what you can do next:

Double-check the scanner report: Look for details about the specific vulnerability detected. It might be a variant or a different issue with a similar CVE ID.
Contact Cisco Support: Explain the situation and provide details about your ASA version and the scanner report. They can definitively confirm if it's a false positive.
Consider alternative scanners: If you frequently encounter false positives with your current scanner, explore other vulnerability scanning tools.

In short summary, there's strong evidence suggesting a false positive. However, it's always best to confirm with Cisco or seek a second opinion from another scanner for peace of mind.

please do not forget to rate.

View solution in original post

2 Replies 2

ccieexpert
Spotlight
Spotlight

hi most likely a false positive . but to be on the safe side.. ask your security team to provide details and maybe even the contact the vendor that makes the scanner to ask them why its triggering.. once you have the details, you can then contact PSIRT (Cisco Product Security Incident Response Team) PSIRT link  and give them  the details you found and what shows in the scan.. and they will get back to you.. I suggest first contacting the vendor of the scanning tool or atleast get full details of the scan, so that PSIRT has all the details.

 

 

You're right, there appears to be a discrepancy.

CVE-2018-0101 Details: This CVE refers to a critical vulnerability in Cisco ASA's SSL VPN functionality identified in 2018. It allowed attackers to remotely execute code or reload the device.

Cisco ASA 9.12.4.67: This version was released in 2024, after the initial discovery and patching of CVE-2018-0101.

Cisco Security Advisory: The link you provided confirms that the vulnerable versions were patched in 2018.

Considering these points, it's highly likely that this is a false positive.

Here's what you can do next:

Double-check the scanner report: Look for details about the specific vulnerability detected. It might be a variant or a different issue with a similar CVE ID.
Contact Cisco Support: Explain the situation and provide details about your ASA version and the scanner report. They can definitively confirm if it's a false positive.
Consider alternative scanners: If you frequently encounter false positives with your current scanner, explore other vulnerability scanning tools.

In short summary, there's strong evidence suggesting a false positive. However, it's always best to confirm with Cisco or seek a second opinion from another scanner for peace of mind.

please do not forget to rate.
Review Cisco Networking for a $25 gift card