Alerts and guidance for specialists

Cisco releases a patch closing a critical vulnerability

Cisco has released a patch for a maximum-severity vulnerability in its ASA (Adaptive Security Appliance) software.

Cisco ASA Software is the core OS of the Cisco ASA family, providing firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities.

According to the security advisory published by Cisco, Cisco ASA Software contains a vulnerability in the operating system's Secure Sockets Layer (SSL) VPN functionality.

The assigned identifier is CVE-2018-0101. It affects Cisco ASA devices on which webvpn is enabled, and many products are affected, including:

— 3000 Series Industrial Security Appliance (ISA)
— ASA 5500 Series Adaptive Security Appliances
— ASA 5500-X Series Next-Generation Firewalls
— ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
— ASA 1000V Cloud Firewall
— Adaptive Security Virtual Appliance (ASAv)
— Firepower 2100 Series Security Appliance
— Firepower 4110 Security Appliance
— Firepower 9300 ASA Security Module
— Firepower Threat Defense Software (FTD)

Cisco states that the vulnerability allows an attacker to send malicious XML to the product and achieve remote code execution (XXE) without any authentication; the CVSS score is 10/10. The vulnerability was reported by Cedric Halbronn of NCC Group, and the patch can be obtained from Cisco's CWE-415 security advisory.

Cisco says there is no way to protect against this vulnerability other than applying the patch, or otherwise disabling the VPN function in the meantime.
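Since the affected condition is "webvpn enabled on an interface", a defender's first task is to inventory which ASAs actually expose the SSL VPN listener and therefore need the patch (or the interim VPN shutdown) first. The script below is an added example, not code from the article or from Cisco: it assumes the operator has saved the output of `show running-config` from each device to a text file, and it assumes the ASA config layout in which a top-level `webvpn` block contains indented `enable <interface>` lines for each interface the service listens on. The sample configs are constructed for the example.

```python
"""Flag ASA running-configs that expose the webvpn (SSL VPN) service.

Added example (not from the original advisory). Assumptions:
  * the caller has saved `show running-config` output to a text file;
  * the `webvpn` block and its indented `enable <nameif>` lines follow the
    ASA config layout assumed here (unindented line opens/closes a block).
"""
import re
import sys
from typing import Dict, List

# Constructed sample: an ASA that terminates SSL VPN on its outside interface.
SAMPLE_CONFIG_EXPOSED = """\
hostname asa-edge-1
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
webvpn
 enable outside
 anyconnect enable
!
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ssl-client
"""

# Constructed sample: webvpn block present (image staged) but not enabled anywhere.
SAMPLE_CONFIG_NOT_EXPOSED = """\
hostname asa-lab-2
interface GigabitEthernet0/0
 nameif inside
!
webvpn
 anyconnect image disk0:/anyconnect.pkg 1
!
"""

ENABLE_LINE = re.compile(r"^\s+enable\s+(\S+)\s*$")
HOSTNAME_LINE = re.compile(r"^hostname\s+(\S+)", re.MULTILINE)


def webvpn_enabled_interfaces(config_text: str) -> List[str]:
    """Return the nameifs on which webvpn is enabled, in config order.

    A line at column 0 reading exactly `webvpn` opens the block; any other
    column-0 line (including the `!` separator) closes it. Only indented
    `enable <nameif>` lines inside the block count, so ` anyconnect enable`
    or unrelated `enable` lines elsewhere are ignored.
    """
    found: List[str] = []
    in_webvpn = False
    for line in config_text.splitlines():
        if not line.startswith(" "):
            in_webvpn = line.strip() == "webvpn"
            continue
        if in_webvpn:
            m = ENABLE_LINE.match(line)
            if m:
                found.append(m.group(1))
    return found


def assess(config_text: str) -> Dict[str, object]:
    """Summarise one device: hostname, webvpn interfaces, exposure flag."""
    m = HOSTNAME_LINE.search(config_text)
    hostname = m.group(1) if m else "unknown"
    interfaces = webvpn_enabled_interfaces(config_text)
    return {
        "hostname": hostname,
        "webvpn_interfaces": interfaces,
        "exposed": bool(interfaces),
    }


def report(results: List[Dict[str, object]]) -> str:
    """Render a short triage list, exposed devices first."""
    lines = []
    for r in sorted(results, key=lambda r: not r["exposed"]):
        status = "EXPOSED  " if r["exposed"] else "not exposed"
        ifaces = ", ".join(r["webvpn_interfaces"]) or "-"
        lines.append(f"{status} {r['hostname']:<16} webvpn on: {ifaces}")
    return "\n".join(lines)


if __name__ == "__main__":
    # With file arguments, assess saved configs; otherwise use the samples.
    if len(sys.argv) > 1:
        texts = [open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]]
    else:
        texts = [SAMPLE_CONFIG_EXPOSED, SAMPLE_CONFIG_NOT_EXPOSED]
    print(report([assess(t) for t in texts]))
```

Run it with one or more saved config files as arguments; with no arguments it prints the triage for the two constructed samples. The devices listed as exposed are the ones to patch or, per Cisco's guidance above, to take the VPN function off until the patch is applied.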

References:

  1. https://www.techsuii.com/2018/01/30/cisco-fixes-remote-code-execution-bug-rated-10-out-of-10-on-severity-scale/
  2. https://www.bleepingcomputer.com/news/security/cisco-fixes-remote-code-execution-bug-rated-10-out-of-10-on-severity-scale/
  3. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1