Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities:
IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability 
SQL*Net Inspection Engine Denial of Service Vulnerability 
Digital Certificate Authentication Bypass Vulnerability 
Remote Access VPN Authentication Bypass Vulnerability 
Digital Certificate HTTP Authentication Bypass Vulnerability 
HTTP Deep Packet Inspection Denial of Service Vulnerability 
DNS Inspection Denial of Service Vulnerability 
AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability 
Clientless SSL VPN Denial of Service Vulnerability

These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability, SQL*Net Inspection Engine Denial of Service Vulnerability, HTTP Deep Packet Inspection Denial of Service Vulnerability, DNS Inspection Denial of Service Vulnerability, and Clientless SSL VPN Denial of Service Vulnerability may result in a reload of an affected device, leading to a denial of service (DoS) condition.

Successful exploitation of the Digital Certificate Authentication Bypass Vulnerability, Remote Access VPN Authentication Bypass Vulnerability, and Digital Certificate HTTP Authentication Bypass Vulnerability may result in an authentication bypass, which could allow the attacker access to the inside network via remote access VPN or management access to the affected system via the Cisco Adaptive Security Device Management (ASDM).

Successful exploitation of the AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability may exhaust available memory, which could result in general system instability and cause the affected system to become unresponsive and stop forwarding traffic.

Cisco has released free software updates that address these vulnerabilities. Workarounds are available for some of the vulnerabilities.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa

Note: The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers may be affected by the SQL*Net Inspection Engine Denial of Service Vulnerability. A separate Cisco Security Advisory has been published to disclose the vulnerabilities that affect the Cisco FWSM. This advisory is available at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm
