
Running ASA on Software Version 9.16(4) found vulnerability on WAN

adity
Level 1

My ASA running on 9.16.4 found the below vulnerabilities on my WAN IP, kindly check and help us to mitigate these.

 

Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability (cisco-sa-20180129-asa1)

CVE-2018-0101

TLS Padding Oracle Vulnerability (Zombie POODLE and GOLDENDOODLE)

CVE-2019-1559

 



3 Replies

Please check the ASA release notes about those CVEs. The fixes should be listed in the resolved sections:

Cisco Secure Firewall ASA - Release Notes - Cisco

Try upgrading to 9.18 if your ASA supports it.

MHM

Sheraz.Salim
VIP Alumni
  1. CVE-2018-0101:

    • This vulnerability was not introduced in a specific ASA version but was present in all versions supporting SSL VPN functionality until patched.

    • The issue was discovered in 2018, and Cisco released fixes for affected versions at that time.

  2. CVE-2019-1559:

    • This vulnerability was introduced in OpenSSL, not specifically in Cisco ASA software.

    • Cisco ASA devices using vulnerable versions of OpenSSL were affected until patched.



This vulnerability appears to be a false positive. The issue was addressed in the versions mentioned in the provided link, and your upgraded version already includes the necessary fixes. It is highly likely that your vulnerability scanner is generating a false positive alert.


I have found a bug against CVE-2019-1559; however, your software version is not listed, therefore assume again it's a false positive. For CVE-2018-0101 your software is already covered.

please do not forget to rate.