CVE-2014-0653
Description
Cisco ASA Identity Firewall allows remote attackers to modify authentication state via crafted NetBIOS logout probe response.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software contains a vulnerability that allows remote attackers to trigger authentication-state modifications by sending a crafted NetBIOS logout probe response. This issue is identified by Bug ID CSCuj45340. The exact affected versions are not specified in the available references, but any ASA configuration with IDFW enabled is potentially vulnerable [1].
Exploitation
An attacker with network access to the ASA can send a specially crafted NetBIOS logout probe response to the device. No authentication is required for this action. The crafted response is processed by the IDFW component, leading to unintended changes in the authentication state of users or hosts.
Impact
Successful exploitation allows the attacker to modify the authentication state, which can result in bypassing identity-based firewall policies. This may enable unauthorized network access, privilege escalation, or disruption of identity-based access controls, compromising the confidentiality, integrity, and availability of the protected network.
Mitigation
As of the publication date (2014-01-08), Cisco has not released a software update to address this vulnerability. The Cisco Security Notice [1] does not provide a workaround. Administrators should monitor Cisco's advisory for updates. Potential mitigations include disabling IDFW if not required or restricting NetBIOS traffic to trusted sources only.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0653 (nvd; Vendor Advisory)
- tools.cisco.com/security/center/viewAlert.x (nvd; Vendor Advisory)
- www.securityfocus.com/bid/64708 (nvd; Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1029570 (nvd; Third Party Advisory, VDB Entry)
- osvdb.org/101834 (nvd)
- secunia.com/advisories/56366 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/90165 (nvd)