Successful exploitation in this case means that unauthenticated, remote attackers could “execute arbitrary code within the [ASA] interface and access sensitive, browser-based information,” Tenable added. More specifically, they could modify the device’s configuration, according to Leo Pate, an application security consultant at nVisium.
However, the target would need to be logged into the ASA for the attackers to see any joy. “While this sounds dangerous, exploiting this vulnerability requires an administrative user to log in and navigate to the webpage where the attacker uploaded the malicious code,” he added.
Updating to the latest versions of the affected devices’ software is of course recommended; however, there’s more that can be done to mitigate the vulnerability, nVisium’s Pate noted.
“Organizations can ask their internal teams if they need to use the web management interface, and if so, is it available to everyone on the internet or just internally to our organization? If the web management interface isn’t needed, then it should be disabled,” he told Threatpost.
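As an added illustration (not from the article, from Pate, or from Cisco documentation), the two postures he describes look like this in Cisco ASA configuration syntax. The interface names and the 10.10.0.0/24 management subnet are assumed example values; the `http` commands themselves are standard ASA commands for controlling the HTTPS/ASDM management listener.

```cisco
! Weak posture: the HTTPS management interface is enabled and reachable
! from any address on the Internet-facing interface.
! (0.0.0.0 0.0.0.0 = any host; "outside" is an assumed interface name.)
http server enable
http 0.0.0.0 0.0.0.0 outside

! Hardened posture, option 1: the interface is needed, so keep it but
! restrict it to an internal management subnet on the inside interface.
! (10.10.0.0/24 and "inside" are assumed example values.)
no http 0.0.0.0 0.0.0.0 outside
http 10.10.0.0 255.255.255.0 inside

! Hardened posture, option 2: the interface is not needed, so disable it.
no http server enable
```

To check which posture a device is currently in, `show running-config http` lists the listener state and every permitted source network; any `0.0.0.0 0.0.0.0` entry bound to an external interface is the case Pate warns about.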