Cisco ASA Software SharePoint RAMFS Integrity And Lua Injection Vulnerabilities
4 Feb. 2015
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service
* Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and later
A vulnerability in the SSL VPN code of Cisco ASA Software could allow an authenticated, remote attacker to overwrite arbitrary files present on the RAMFS file system or inject Lua scripts. The vulnerability is due to insufficient validation of the code that handles session information for the SSL VPN when a SharePoint handler is created. A SharePoint handler is created when a valid SharePoint connection is initiated. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected system. The SSL VPN feature must be configured for the system to be vulnerable.