A few days ago, Cisco published a critical advisory with a score of 10/10 for its ASA and Firepower devices. The vulnerability, tracked as CVE-2018-0101 and discovered by Cedric Halbronn, Senior Researcher at NCC Group, is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple crafted XML packets to a webvpn-configured interface on the affected system.
This vulnerability allows the attacker to see all of the data passing through the system and provides them with administrative privileges, enabling them to remotely gain access to the network behind it.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Note: This vulnerability can only be triggered if remote AnyConnect or WebVPN access is enabled, which is a common configuration for these firewalls. To determine whether webvpn is enabled for at least one interface, administrators can use the show running-config webvpn command at the CLI and verify that the command returns at least one enable <if_name> line.
The following example shows the output of the command for a device that is running Cisco ASA Software and has WebVPN enabled on the Outside interface.
Ciscozine#show running-config webvpn
webvpn
 enable Outside
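To run the same check across many devices, the following parser (an added example, not from the original post or from Cisco) reads captured `show running-config webvpn` output and reports which interfaces have WebVPN enabled. The hostname and both sample outputs are constructed for the example.

```python
import re

# Constructed sample outputs (not taken from the page): one device with
# WebVPN enabled on two interfaces, one with the stanza present but no
# 'enable <if_name>' line, which is the non-exposed case.
SAMPLE_ENABLED = """\
Ciscozine#show running-config webvpn
webvpn
 enable Outside
 enable DMZ
 tunnel-group-list enable
 anyconnect enable
"""

SAMPLE_DISABLED = """\
Ciscozine#show running-config webvpn
webvpn
 tunnel-group-list enable
"""

# Only an indented 'enable <if_name>' line counts; 'anyconnect enable' and
# 'tunnel-group-list enable' start with another keyword and must not match.
ENABLE_RE = re.compile(r"^\s+enable\s+(\S+)\s*$")


def webvpn_interfaces(show_output: str) -> list[str]:
    """Return the interface names with WebVPN enabled, in config order.

    Only lines indented under a top-level 'webvpn' line are considered, so
    an 'enable' belonging to some other stanza is never miscounted.
    """
    interfaces = []
    in_webvpn = False
    for line in show_output.splitlines():
        if not line.startswith(" "):
            # Top-level line (prompt, 'webvpn', or another stanza):
            # we are inside the webvpn block only right after 'webvpn'.
            in_webvpn = line.strip() == "webvpn"
            continue
        if in_webvpn:
            m = ENABLE_RE.match(line)
            if m:
                interfaces.append(m.group(1))
    return interfaces


def is_exposed(show_output: str) -> bool:
    """True when at least one interface has WebVPN enabled, i.e. the
    advisory's precondition is met and the device needs the fixed release."""
    return bool(webvpn_interfaces(show_output))


if __name__ == "__main__":
    for name, out in (("enabled", SAMPLE_ENABLED), ("disabled", SAMPLE_DISABLED)):
        print(name, webvpn_interfaces(out), "exposed:", is_exposed(out))
```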