Vulnerable Products:
This vulnerability affects the following Cisco products:
- Secure Firewall ASA Software and Secure Firewall FTD Software if they have one or more of the vulnerable configurations that are listed in the following tables. (CSCwo18850 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo18850"])
- IOS Software if it has the Remote Access SSL VPN feature enabled. (CSCwo35704 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo35704"])
- IOS XE Software if it has the Remote Access SSL VPN feature enabled. (CSCwo35704 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo35704"], CSCwo35779 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo35779"])
- IOS XR Software (32-bit) if it is running on Cisco ASR 9001 Routers that have the HTTP server enabled. (CSCwo49562 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo49562"])
For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.
Determine the Device Configuration
To determine whether a device has a vulnerable configuration, see the following software-specific sections.
Cisco Secure Firewall ASA Software
In the following table, the left column lists Cisco Secure Firewall ASA Software features that are potentially vulnerable. The right column indicates the basic configuration for the feature from the show running-config CLI command, if it can be determined. These features could cause the SSL listen sockets to be enabled.

Cisco Secure Firewall ASA Software Feature / Possible Vulnerable Configuration

Mobile User Security (MUS)
    webvpn
     mus password
     mus server enable port <Port_number>
     mus <IPv4_address> <IPv4_mask> <interface_name>

SSL VPN
    webvpn
     enable <interface_name>
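The check described above can be run over saved show running-config output. The following is an added example, not part of the Cisco advisory: the function names and SAMPLE_CONFIG are constructed for illustration, and treating any single line from the table as a hit worth reviewing is an assumption of this sketch.

```python
import re

# Constructed sample of `show running-config` output (not from a real device).
SAMPLE_CONFIG = """\
hostname asa-lab
interface GigabitEthernet0/0
 nameif outside
!
webvpn
 enable outside
 mus password *****
 mus server enable port 9000
 mus 192.0.2.0 255.255.255.0 inside
!
ssl trust-point LAB_TP outside
"""

# Sub-commands of the webvpn block that the advisory table lists, by feature.
PATTERNS = {
    "SSL VPN": [re.compile(r"^enable\s+\S+")],
    "Mobile User Security (MUS)": [
        re.compile(r"^mus password\b"),
        re.compile(r"^mus server enable port\s+\d+"),
        re.compile(r"^mus\s+\d+\.\d+\.\d+\.\d+\s+\d+\.\d+\.\d+\.\d+\s+\S+"),
    ],
}

def webvpn_block(config):
    """Return the stripped sub-commands of the top-level `webvpn` block."""
    lines, inside = [], False
    for raw in config.splitlines():
        # Only an unindented `webvpn` opens the global block; the indented
        # `webvpn` under group-policy attributes is deliberately ignored.
        if raw.rstrip() == "webvpn":
            inside = True
        elif inside and raw.startswith(" "):
            lines.append(raw.strip())
        elif inside:
            inside = False  # first non-indented line ends the block
    return lines

def find_vulnerable_features(config):
    """Map each feature from the table to the config lines that match it."""
    hits = {}
    for line in webvpn_block(config):
        for feature, patterns in PATTERNS.items():
            if any(p.match(line) for p in patterns):
                hits.setdefault(feature, []).append(line)
    return hits
```

An empty result means none of the listed ASA lines were found in the global webvpn block; it says nothing about the FTD, IOS, IOS XE or IOS XR conditions, which the advisory covers separately.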
Cisco Secure Firewall FTD Software
In the following table, the left column lists Cisco Secure Firewall FTD Software features that are potentially vulnerable. The right column indicates the basic configuration for...
CVSS Base Score: 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)