If you are running Cisco WebVPN

Started by icecream-guy, January 30, 2018, 06:30:58 AM


deanwebb

This got added today:

Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory. Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory.


You best be patching those ASAs, people! GOGOGOGO DOO EET NAO!!!

:explosion2:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

icecream-guy

Quote from: deanwebb on February 07, 2018, 10:24:50 AM
Quote from: Otanx on February 07, 2018, 09:30:57 AM
OK, I got you now. Yes ASAs doing termination of Anyconnect Clients are vulnerable. The client itself is not. I just wanted to make sure I didn't miss patching anything. From the new notice it seems the bug is in the underlying XML parser so any features that do XML will be vulnerable. So web, VPN, ASDM, etc.

-Otanx


Correct, it's in the hardware end, not the client end. And it's all the hardware, bigger stuff is more vulnerable than the smaller stuff.


If you are working for the gov like me, since it's a critical vulnerability, everything must be patched; doesn't matter if it's vulnerable or not, it gets patched, to fill the security overlords' patching checkboxes.
:professorcat:

My Moral Fibers have been cut.

icecream-guy

Quote from: deanwebb on February 07, 2018, 01:48:17 PM
This got added today:

Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory. Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory.


You best be patching those ASAs, people! GOGOGOGO DOO EET NAO!!!



Unfortunately, we need to test, with code that's less than 5 days out in public, and knowing how Cisco code has treated us in the past, it's a tough call to have 100% in Cisco (look what happened with the .21 release).

Otanx

We like to keep all our stuff on common releases anyway. So the requirement to patch if vulnerable or not isn't an issue for us. It actually benefits us because I can wave the cyber requirement flag to get my windows approved.

-Otanx

icecream-guy

Quote from: Otanx on February 07, 2018, 02:17:03 PM
We like to keep all our stuff on common releases anyway. So the requirement to patch if vulnerable or not isn't an issue for us. It actually benefits us because I can wave the cyber requirement flag to get my windows approved.

-Otanx

Our team of 5 manages about 200 ASA firewalls of various models and trains (I know :barf:).
Between us we do a good amount of upgrades every month.
I don't think we ever get to finish a round, due to some vulnerability coming out every so frequently.

Otanx

Ouch, that sucks. We are about the same size device count and staff, but 95% of ours are the same model.

-Otanx

deanwebb

Quote from: ristau5741 on February 07, 2018, 06:57:34 PM
Quote from: Otanx on February 07, 2018, 02:17:03 PM
We like to keep all our stuff on common releases anyway. So the requirement to patch if vulnerable or not isn't an issue for us. It actually benefits us because I can wave the cyber requirement flag to get my windows approved.

-Otanx

Our team of 5 manages about 200 ASA firewalls of various models and trains (I know :barf:).
Between us we do a good amount of upgrades every month.
I don't think we ever get to finish a round, due to some vulnerability coming out every so frequently.


That last bit is a serious, serious issue. Dang.

icecream-guy

Quote from: deanwebb on February 08, 2018, 06:05:24 PM
Quote from: ristau5741 on February 07, 2018, 06:57:34 PM

I don't think we ever get to finish a round, due to some vulnerability coming out every so frequently.


That last bit is a serious, serious issue. Dang.

Not so bad, we're loading 9.1.7.16 now to stop that 215-day bug; next week as we continue, we'll start loading 9.1.7.23, then jump back around to do the ones running 9.1.7.16.