If you are receiving a severity 5 potential 5 on Cisco ASA for CVE-2018-0101, and even after patching to the recommended patch version by Cisco, which is:
Cisco Adaptive Security Appliance Software Version 9.6(4)5##
Qualys will still show CVE-2018-0101 until the scan is done as an Authenticated scan. Qualys is looking at the ISAKMP, that is why if the ASA is not using ISAKMP it will not report CVE-2018-0101.
Cisco Bug ID:CSCvg35618