Supplemental Direction ED 25-03: Core Dump and Hunt Instructions www.cisa.gov/news-even…

CISA is aware of a campaign being actively conducted by a sophisticated threat actor that exploits Cisco Adaptive Security Appliances (ASA) via web services. The campaign uses a URL path-normalization flaw that can bypass session verification for protected Clientless SSL VPN (WebVPN) endpoints, and a heap buffer overflow in the WebVPN file-upload handler that can lead to information disclosure. Software versions after 9.17.1.40, 9.18.4.41, 9.19.1.32, and 9.20+ are not vulnerable to the overflow because the handler was removed.

Edward Kiledjian @ekiledjian
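An added example, not part of the original post or of CISA's direction: a triage helper that applies the version thresholds quoted above to an inventory of ASA release strings. It assumes "after" means strictly newer within the same release train, that trains the post does not name cannot be cleared from this text alone, and that the hostnames and versions in the sample inventory are constructed. It covers only the file-upload overflow statement, not the path-normalization flaw.

```python
import re

# Thresholds exactly as quoted in the post: releases AFTER these are not
# vulnerable to the WebVPN file-upload overflow, and neither are 9.20+ trains.
FIXED_AFTER = {(9, 17): (1, 40), (9, 18): (4, 41), (9, 19): (1, 32)}
FIRST_CLEAN_TRAIN = (9, 20)

# Accepts the dotted form "9.18.4.41" and the "9.18(4)41" form ASA prints.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\((\d+)\)|\.(\d+))(?:\.?(\d+))?\s*$")


def parse_asa_version(text):
    """Return (major, minor, maintenance, interim); interim defaults to 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ASA version string: {text!r}")
    maintenance = int(m.group(3) or m.group(4))
    return (int(m.group(1)), int(m.group(2)), maintenance, int(m.group(5) or 0))


def overflow_status(text):
    """Classify one release string against the post's statement."""
    major, minor, maintenance, interim = parse_asa_version(text)
    train = (major, minor)
    if train >= FIRST_CLEAN_TRAIN:
        return "cleared"
    if train in FIXED_AFTER:
        # Assumption: "after" is strict, so the threshold build is not cleared.
        newer = (maintenance, interim) > FIXED_AFTER[train]
        return "cleared" if newer else "not-cleared"
    # Assumption: the post says nothing about this train, so do not guess.
    return "train-not-listed"


def triage(inventory):
    """Map each host to its status; unparseable strings are surfaced, not hidden."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = overflow_status(version)
        except ValueError:
            result[host] = "unparseable"
    return result


# Constructed sample inventory (hostnames and versions are illustrative only).
INVENTORY = {"fw-edge-01": "9.18(4)41", "fw-edge-02": "9.18.4.47",
             "fw-dc-01": "9.20(2)10", "fw-lab-01": "9.16(4)67", "fw-old": "n/a"}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:12} {status}")
```

A "cleared" result speaks only to the overflow statement in the post; the core dump and hunt steps in the supplemental direction still apply to any device in scope.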