Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Cisco ASA5510 + XSS vulnerability - BugID CSCun19025

Hello All

We currently have a couple of Cisco ASA5510 with software version 9.1.5, the latest version available for this model.

We fail compliance because of BugID CSCun19025, this is fixed in 9.2.1 but this software version is unsupported on Cisco ASA5510.

According to Cisco bug report this issue is resolved in 9.1(5.3), but I cant find this specific version to download - does anyone know if this version will be released to support clients soon ?

Information sources :

https://tools.cisco.com/bugsearch/bug/CSCun19025

https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-008.txt

 

Thank you

Jacques de Jager

South Africa

Everyone's tags (1)
5 REPLIES
VIP Green

This is an Interim image

This is an Interim image which can be found on the downloads page under the Interim tab on the left side.  The image is 9.1(5)12

--

Please remember to select a correct answer and rate helpful posts

-- Please remember to rate and select a correct answer
VIP Green

Here is a link to the

Here is a link to the download page:

http://software.cisco.com/download/release.html?mdfid=279916854&flowid=4373&softwareid=280775065&release=9.0.3.ED&relind=AVAILABLE&rellifecycle=&reltype=latest

--

Please remember to select a correct answer and rate helpful posts

-- Please remember to rate and select a correct answer

Hello Marius --Thank you for

Hello Marius --

Thank you for the reply, my apology for the late reply :

I applied the interim release and it doesn't seem to resolve the vulnerability when I perform a scan - but if I look at the Security Release notes it clearly specify the image resolve the problem.

Any comment --

   fw-office01# show version

   Cisco Adaptive Security Appliance Software Version 9.1(5)12
   Device Manager Version 7.2(1)

   Compiled on Wed 20-Aug-14 09:14 by builders
   System image file is "disk0:/asa915-12-k8.bin"

 

 

 

VIP Green

Yes, the release notes for

Yes, the release notes for the interim image state that the bug is fixed.  If you can prove that it is not fixed I suggest contacting Cisco and present your findings as this would most likely be affecting others as well.

As for solving your issue, upgrading to an ASA 5500X series firewall with version 9.2.1 might be the way to go...

--

Please remember to select a correct answer and rate helpful posts

-- Please remember to rate and select a correct answer

Hello Marius --Problem is

Hello Marius --

Problem is resolved, I did a IVS scan now and problem resolved.

When our budget allow I will upgrade to the X series :)!!

We have HA config with IPS - can get expensive.

 

177
Views
5
Helpful
5
Replies