Cisco ASA Remote Code Execution and Denial of Service Vulnerability (cisco-sa-20180129-asa1) (destructive check)
Critical Nessus Plugin ID 107004
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe Cisco Adaptive Security Appliance (ASA) software running on the remote device is affected by a remote code execution vulnerability due to an issue with allocating and freeing memory when processing a malicious XML payload. An unauthenticated, remote attacker can exploit the issue to cause a reload of the affected system or to remotely execute code.
SolutionUpgrade to the relevant fixed version referenced in Cisco security advisory cisco-sa-20180129-asa1.