[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
Date: Wed, 9 Apr 2014 12:05:46 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20140409-asa

Revision 1.0

For Public Release 2014 April 9 16:00  UTC (GMT)

Summary
=======

  Cisco Adaptive Security Appliance (ASA) Software is affected by the following 
vulnerabilities:
  Cisco ASA ASDM Privilege Escalation Vulnerability
  Cisco ASA SSL VPN Privilege Escalation Vulnerability
  Cisco ASA SSL VPN Authentication Bypass Vulnerability
  Cisco ASA SIP Denial of Service Vulnerability

These vulnerabilities are independent of one another; a release that is 
affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the Cisco ASA ASDM Privilege Escalation 
Vulnerability and the Cisco ASA SSL VPN Privilege Escalation Vulnerability may 
allow an attacker or an unprivileged user to elevate privileges and gain 
administrative access to the affected system.

Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass 
Vulnerability may allow an attacker to obtain unauthorized access to the 
internal network via SSL VPN.

Successful exploitation of the Cisco ASA SIP Denial of Service Vulnerability 
may cause the exhaustion of available memory. This may cause system instability 
and in some cases lead to a reload of the affected system, creating a denial of 
service (DoS) condition. 

Cisco has released free software updates that address these vulnerabilities. 
Workarounds that mitigate these vulnerabilities are available for some of the 
vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa

Note: This security advisory does not provide information about the OpenSSL TLS 
Heartbeat Read Overrun Vulnerability identified by CVE-2014-0160 (also known as 
Heartbleed).  For additional information regarding Cisco products affected by 
this vulnerability, refer to the Cisco Security Advisory available at the 
following link:  
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTRW5YAAoJEIpI1I6i1Mx3eL0P/0B7V5l5M5++F8QuYHbKcg85
7Rn1IAOjIWJyWHT5JgGAbNvCfYHe4eTdTvF0ijP8DErhfbxWOA3D7EegJY3dw6fo
fiKHVoxguR8F4GW4jTq8miHFu0rQ8Yke1lGJPGEN6EbNof+MzAihTnwFoh0miz/8
h8PaxUI+XRMh7DgvdWIwdItj0afmsBJ+4Un1XqDw5YuaeVGsl6sxCXgnS2WaaCkA
tJWhtXi0//piAdEKyTmRgV+vUWSCMvm3cmMjl6RaIUNvPgwcryfaLn6HxuOAEYKL
ayAabGJ2WFYJzYdbyyomccJ/5AEApFubdxXC8aQkzVqVXhypbedJCP8v+AVFZFth
s8qNGJc+4XL7F/ZrNPi7qRJy0Ll+eQJ4+wyIXSWv7uPuGDXuWctfXckfFc+DhtJL
z+wWwhsgvXjnzkO8zIqAAY9USXzoJ33U9PztLE6SnP7tuorCS5ls3RMXQylS0DRc
OYzSnRn9p44xvpBldE9TWl9oxo5eWMXyPGqo/pHzU1nBEqXZJesAr+D9PRXZvOHk
7kxIfCAE/6VASiWa4WtQ1Mb1uV99s9KKQhn0fAv5Fg/0WH2Q/9fTtcyHqB4cWXLE
9bM2c26iZGrwuYiUonHwi3bi2gNbF3TLsmxvV+W7/NihdVgJwv+jAxLahSLQ6Vji
9g1oNfty2EMETTgUmjkL
=8YEX
-----END PGP SIGNATURE-----

Prev by Date: [ MDVSA-2014:073 ] file
Next by Date: [SECURITY] [DSA 2898-1] imagemagick security update
Previous by thread: [ MDVSA-2014:073 ] file
Next by thread: [SECURITY] [DSA 2898-1] imagemagick security update
Index(es):
- Date
- Thread