Unpatched Cisco Clientless SSL VPN Attack Spreading

Last October the security researcher Alec Stuart-Muirk presented at Ruxcon how to crack into Cisco systems.  This resulted in Cisco issuing a patch for the Adaptive Security Appliance (ASA) software for Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service and Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerabilities.  Hostile actors have been targeting these devices resulting in compromising VPN security and gaining access to networks protected by unpatched Cisco ASA devices.

There is an exploit script in Metasploit.  Once exploited the network can still be compromised even after patching the Cisco ASA.

Link to the Ruxcon slides:https://ruxcon.org.au/assets/2014/slides/Breaking%20Bricks%20Ruxcon%202014.pdf

Post by Protocol 46