
Cisco ASA5510 + XSS vulnerability - BugID CSCun19025

Hello All

We currently have a couple of Cisco ASA5510 with software version 9.1.5, the latest version available for this model.

We fail compliance because of BugID CSCun19025; this is fixed in 9.2.1, but this software version is unsupported on the Cisco ASA5510.

According to the Cisco bug report this issue is resolved in 9.1(5.3), but I can't find this specific version to download. Does anyone know if this version will be released to support clients soon?

Information sources:

https://tools.cisco.com/bugsearch/bug/CSCun19025

https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-008.txt

 

Thank you

Jacques de Jager

South Africa


This is an Interim image which can be found on the downloads page under the Interim tab on the left side. The image is 9.1(5)12.

--

Please remember to select a correct answer and rate helpful posts


Here is a link to the download page:

http://software.cisco.com/download/release.html?mdfid=279916854&flowid=4373&softwareid=280775065&release=9.0.3.ED&relind=AVAILABLE&rellifecycle=&reltype=latest


Hello Marius --

Thank you for the reply, and my apologies for the late reply:

I applied the interim release and it doesn't seem to resolve the vulnerability when I perform a scan, but if I look at the Security Release notes they clearly specify that the image resolves the problem.

Any comment --

   fw-office01# show version

   Cisco Adaptive Security Appliance Software Version 9.1(5)12
   Device Manager Version 7.2(1)

   Compiled on Wed 20-Aug-14 09:14 by builders
   System image file is "disk0:/asa915-12-k8.bin"


Yes, the release notes for the interim image state that the bug is fixed. If you can prove that it is not fixed, I suggest contacting Cisco and presenting your findings, as this would most likely be affecting others as well.

As for solving your issue, upgrading to an ASA 5500X series firewall with version 9.2.1 might be the way to go...


Hello Marius --

Problem is resolved, I did an IVS scan now and the problem is resolved.

When our budget allows I will upgrade to the X series :)!!

We have HA config with IPS - can get expensive.