- Feb 4, 2016
Firepower, AnyConnect and ASA appliances and clients need patches
Cisco has announced a set of patches for a bug in its Security Assertion Markup Language (SAML) single sign-on implementation.
As is so often the case when a shared component is at fault, the bug is inherited by multiple products. In the case of CVE-2018-0229, the affected systems are:
- SAML single sign-on authentication in the AnyConnect Secure Mobility Client for desktop platforms;
- Adaptive Security Appliance (ASA) software; and
- Firepower Threat Defense (FTD) software.
Cisco's advisory said the bug could let an unauthenticated, remote attacker establish an authenticated AnyConnect session through an appliance running ASA or FTD software, provided they could trick a legitimate user into completing a login to it.
As the advisory explained: “The vulnerability exists because there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly.
“An attacker could exploit this vulnerability by persuading a user to click a crafted link and authenticating using the company's Identity Provider (IdP).”
With a successful phishing attack, the attacker could hijack the authentication token issued after the user's genuine login and use it to set up an AnyConnect session to the enterprise network through the ASA or FTD device. The user's password is never exposed to the attacker; it is the token resulting from a real sign-in at the company's IdP that ends up attached to the attacker's client.
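To make the chain in the advisory concrete, here is an added model of the login-fixation class it describes: an attacker starts an SP-initiated SAML login, hands the resulting IdP link to a victim, and the victim's real sign-in completes the attacker's pending session. This is illustration code written for this page, not Cisco's code and not a description of ASA/FTD internals; the service provider, the stand-in IdP, the cookie names and the "bind the assertion to the client that started the login" fix are all constructed assumptions, and the page does not say what Cisco's patch actually changed. The hardened mode shows one way a service provider can detect that the assertion did not come from the client that originated the request, which is the missing check the advisory names.

```python
# Constructed illustration of SAML SP-initiated login fixation. Not Cisco code;
# the SP, IdP, cookies and the fix are simplified assumptions, not ASA/FTD internals.
import secrets
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse, parse_qs


@dataclass
class PendingLogin:
    request_id: str               # ID of the SAML AuthnRequest the SP issued
    starter_cookie: str           # session cookie of the client that started the login
    user: Optional[str] = None    # filled in once the IdP's assertion is accepted


class ServiceProvider:
    """Minimal SAML service provider standing in for a VPN head-end.

    bind_to_client=False models the flaw class: the assertion consumer service accepts
    an assertion for any pending request it references, whichever browser delivers it.
    bind_to_client=True models a fix: the assertion must be delivered by the same
    client session that started the login, otherwise the pending login is dropped.
    """

    def __init__(self, bind_to_client: bool) -> None:
        self.bind_to_client = bind_to_client
        self.pending: dict[str, PendingLogin] = {}

    def start_login(self, cookie: str) -> str:
        """A client begins SSO; the SP records the request and returns the IdP link."""
        request_id = "_" + secrets.token_hex(8)
        self.pending[request_id] = PendingLogin(request_id, cookie)
        # A real link carries a deflated, base64-encoded AuthnRequest; the bare ID
        # is enough for this model.
        return f"https://idp.example/sso?SAMLRequest={request_id}"

    def consume_assertion(self, in_response_to: str, subject: str, cookie: str) -> bool:
        """Assertion Consumer Service: the browser that authenticated posts the response."""
        login = self.pending.get(in_response_to)
        if login is None:
            return False                      # unknown request ID
        if self.bind_to_client and login.starter_cookie != cookie:
            del self.pending[in_response_to]  # a different client started this login
            return False
        login.user = subject
        return True

    def poll(self, request_id: str, cookie: str) -> Optional[str]:
        """The client that started the login asks whether it is now authenticated."""
        login = self.pending.get(request_id)
        if login is None or login.starter_cookie != cookie:
            return None
        return login.user


def request_id_from_link(link: str) -> str:
    """Pull the request ID back out of the IdP link (constructed encoding, see above)."""
    return parse_qs(urlparse(link).query)["SAMLRequest"][0]


def idp_authenticate(link: str, user: str) -> tuple:
    """Stand-in IdP: the user signs in and the IdP answers the referenced request.
    Returns (InResponseTo, subject) for the browser to post back to the SP."""
    return request_id_from_link(link), user


def run_legitimate(bind_to_client: bool) -> Optional[str]:
    """Alice starts the login and finishes it from the same client session."""
    sp = ServiceProvider(bind_to_client)
    link = sp.start_login(cookie="alice-client")
    in_response_to, subject = idp_authenticate(link, "alice")
    sp.consume_assertion(in_response_to, subject, cookie="alice-client")
    return sp.poll(request_id_from_link(link), cookie="alice-client")


def run_fixation_attack(bind_to_client: bool) -> Optional[str]:
    """Attacker starts a login, phishes the victim with the IdP link, and waits.
    Returns the user the attacker's client ends up authenticated as (None if refused)."""
    sp = ServiceProvider(bind_to_client)
    link = sp.start_login(cookie="attacker-client")        # attacker's own client
    # The crafted link reaches the victim, who signs in at the genuine IdP.
    in_response_to, subject = idp_authenticate(link, "alice")
    # The victim's browser posts the assertion from its own, unrelated session.
    sp.consume_assertion(in_response_to, subject, cookie="victim-browser")
    return sp.poll(request_id_from_link(link), cookie="attacker-client")


if __name__ == "__main__":
    print("unbound SP, attack  ->", run_fixation_attack(bind_to_client=False))
    print("bound SP,   attack  ->", run_fixation_attack(bind_to_client=True))
    print("bound SP,   legit   ->", run_legitimate(bind_to_client=True))
```

In the unbound mode the victim's password never reaches the attacker, yet the attacker's client is marked as authenticated as the victim, which is the "hijacked token" outcome the advisory describes. Binding the pending request to the originating client closes that path while leaving a normal login unaffected; any real fix also has to cope with the fact that a VPN client's embedded browser and a standalone browser look alike to the head-end, which is exactly the gap the advisory points at.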