Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0101

CWE-4158 documents7 sources

CVSS

CRITICAL

EPSS92.8%(100th)

Public Exploit

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages3 packages

▶NVDcisco/adaptive_security_appliance_software9.2.0 — 9.2.4.27+6

▶CVEListV5cisco_adaptive_security_applianceCisco Adaptive Security Appliance

▶NVDcisco/firepower_threat_defense6 versions+5

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the…

NVD ↗MITRE ↗

🔴Vulnerability Details

GHSA

GHSA-gxj8-6mjh-32m2: A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthentic↗2022-05-13

▶

CVEList

CVE-2018-0101: A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthentic↗2018-01-29

▶

VulnCheck

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Double Free↗2018

▶

💥Exploits & PoCs

Exploit-DB

Cisco ASA - Crash (PoC)↗2018-02-07

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability↗2018-01-29

▶

🕵️Threat Intelligence

Tenable

Identifying Systems Affected by Cisco ASA Critical Vulnerability (CVE-2018-0101)↗2018-02-06

▶