Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
BID:104018
CVE-2018-227 |Info
Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
| Bugtraq ID: | 104018 |
| Class: | Design Error |
| CVE: |
CVE-2018-0227 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 18 2018 12:00AM |
| Updated: | Apr 18 2018 12:00AM |
| Credit: | Cisco |
| Vulnerable: |
Cisco Firepower Threat Defense Software 6.1 Cisco Firepower Threat Defense Software 6.1.0.5 Cisco Firepower Threat Defense Software 6.0.1.4 Cisco Firepower Threat Defense Software 6.0 Cisco FirePOWER 9300 ASA Security Module 0 Cisco Firepower 4110 Security Appliance 0 Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches 0 Cisco ASA Services Module for Cisco 7600 Series Routers 0 Cisco ASA 5500-X Series Next-Generation Firewalls 0 Cisco ASA 5500 Series Adaptive Security Appliances 0 Cisco Adaptive Security Virtual Appliance (ASAv) 0 Cisco Adaptive Security Appliance (ASA) Software 9.6.3 Cisco Adaptive Security Appliance (ASA) Software 9.4.4 Cisco Adaptive Security Appliance (ASA) Software 9.6.3.17 Cisco Adaptive Security Appliance (ASA) Software 9.6.2.9 Cisco Adaptive Security Appliance (ASA) Software 9.6.2.21 Cisco Adaptive Security Appliance (ASA) Software 9.5.3.9 Cisco Adaptive Security Appliance (ASA) Software 9.5.3.7 Cisco Adaptive Security Appliance (ASA) Software 9.5.2.8 Cisco Adaptive Security Appliance (ASA) Software 9.5.2.7 Cisco Adaptive Security Appliance (ASA) Software 9.4.4.13 Cisco Adaptive Security Appliance (ASA) Software 9.4.3.2 Cisco Adaptive Security Appliance (ASA) Software 9.4.3.1 Cisco 3000 Series Industrial Security Appliance (ISA) 0 |
| Not Vulnerable: |
Cisco Firepower Threat Defense Software 6.1.0.6 Cisco Adaptive Security Appliance (ASA) Software 9.6.3.20 Cisco Adaptive Security Appliance (ASA) Software 9.4.4.14 |
Discussion
Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
Multiple Cisco products are prone to a security-bypass vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCvg40155.
Multiple Cisco products are prone to a security-bypass vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCvg40155.
Exploit / POC
Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
An attacker can use readily available tools to exploit this issue.
An attacker can use readily available tools to exploit this issue.
Solution / Fix
Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
References:
References: