Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
- From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
- Date: Wed, 11 Feb 2015 16:11:32 -0500
Multiple Vulnerabilities in Cisco ASA Software
Advisory ID: cisco-sa-20141008-asa
Revision 2.0
Last Updated 2015 February 11 17:54 UTC (GMT)
For Public Release 2014 October 8 16:00 UTC (GMT)
Summary
=======
*** Revision 2.0 Note: Please see the Software Versions and Fixes section,
"Important Note about Cisco ASA Clientless SSL VPN Portal Customization
Integrity Vulnerability" for updated information. ***
Cisco Adaptive Security Appliance (ASA) Software is affected by the following
vulnerabilities:
Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability
Cisco ASA VPN Denial of Service Vulnerability
Cisco ASA IKEv2 Denial of Service Vulnerability
Cisco ASA Health and Performance Monitor Denial of Service Vulnerability
Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service Vulnerability
Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability
Cisco ASA DNS Inspection Engine Denial of Service Vulnerability
Cisco ASA VPN Failover Command Injection Vulnerability
Cisco ASA VNMC Command Input Validation Vulnerability
Cisco ASA Local Path Inclusion Vulnerability
Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability
Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability
Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability
These vulnerabilities are independent of one another; a release that is
affected by one of the vulnerabilities may not be affected by the others.
Successful exploitation of the Cisco ASA SQL*NET Inspection Engine Denial of
Service Vulnerability, Cisco ASA VPN Denial of Service Vulnerability, Cisco ASA
IKEv2 Denial of Service Vulnerability, Cisco ASA Health and Performance Monitor
Denial of Service Vulnerability, Cisco ASA GPRS Tunneling Protocol Inspection
Engine Denial of Service Vulnerability, Cisco ASA SunRPC Inspection Engine
Denial of Service Vulnerability, and Cisco ASA DNS Inspection Engine Denial of
Service Vulnerability may result in a reload of an affected device, leading to
a denial of service (DoS) condition.
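Four of the reload vulnerabilities above live in specific application inspection
engines, so a useful first triage step on a defender's side is to check which of
those engines a given ASA actually has enabled in an applied service policy. The
script below is an added example written for this page; it is not Cisco code and
not part of the advisory. It parses "show running-config" text (the sample config
is constructed, not from a real device), collects the "inspect" statements under
each Layer 3/4 policy-map, and reports only the advisory-listed engines that are
enabled in a policy-map attached by a "service-policy" command. The mapping from
ASA inspect keywords (sqlnet, gtp, sunrpc, dns) to the advisory items is our own
assumption; whether a device is actually affected still depends on the software
version, which is covered in the full advisory linked at the end of this message.

```python
import re

# Constructed sample of "show running-config" output; it is not from a real device.
# It has one applied policy (global_policy), one defined-but-unapplied policy
# (lab_policy), and a DNS parameter map that must not be mistaken for a policy.
SAMPLE_CONFIG = """\
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect sunrpc
  inspect sqlnet
  inspect esmtp
policy-map lab_policy
 class class-default
  inspect gtp
service-policy global_policy global
"""

# ASA "inspect" keywords for the inspection engines named in this advisory.
# Assumption: this keyword-to-engine mapping is ours, not taken from the advisory.
ADVISORY_INSPECTIONS = {
    "sqlnet": "SQL*NET Inspection Engine DoS",
    "gtp": "GPRS Tunneling Protocol Inspection Engine DoS",
    "sunrpc": "SunRPC Inspection Engine DoS",
    "dns": "DNS Inspection Engine DoS",
}

# Only a plain "policy-map <name>" is a Layer 3/4 policy; "policy-map type inspect ..."
# blocks are per-protocol parameter maps and carry no "inspect" statements of interest.
POLICY_MAP_RE = re.compile(r"^policy-map (\S+)$")
SERVICE_POLICY_RE = re.compile(r"^service-policy (\S+) (global|interface \S+)$")
INSPECT_RE = re.compile(r"^\s+inspect (\S+)")


def parse_policy_maps(config):
    """Return (policy_maps, applied): the set of inspect keywords per Layer 3/4
    policy-map, and the attachment point of each policy-map that a
    service-policy command applies."""
    policy_maps = {}
    applied = {}
    current = None
    for line in config.splitlines():
        if not line.startswith(" "):
            # Any top-level command ends the previous policy-map block.
            pm = POLICY_MAP_RE.match(line)
            current = pm.group(1) if pm else None
            if current is not None:
                policy_maps.setdefault(current, set())
            sp = SERVICE_POLICY_RE.match(line)
            if sp:
                applied[sp.group(1)] = sp.group(2)
            continue
        if current is not None:
            ins = INSPECT_RE.match(line)
            if ins:
                policy_maps[current].add(ins.group(1).lower())
    return policy_maps, applied


def advisory_exposure(config):
    """Map each advisory-listed inspect keyword that is enabled in an *applied*
    policy-map to (policy-map name, attachment point). Inspections in a
    policy-map that no service-policy references are deliberately ignored."""
    policy_maps, applied = parse_policy_maps(config)
    findings = {}
    for name, where in applied.items():
        for keyword in sorted(policy_maps.get(name, ())):
            if keyword in ADVISORY_INSPECTIONS:
                findings[keyword] = (name, where)
    return findings


if __name__ == "__main__":
    for keyword, (name, where) in sorted(advisory_exposure(SAMPLE_CONFIG).items()):
        print(f"{ADVISORY_INSPECTIONS[keyword]}: 'inspect {keyword}' in {name} ({where})")
```

On the sample configuration the report names the DNS, SunRPC and SQL*NET engines
in global_policy and stays silent about GTP, because lab_policy is defined but
never applied. Feed the script the saved output of "show running-config" from a
real device to get the same listing for that device.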
Successful exploitation of the Cisco ASA VPN Failover Command Injection
Vulnerability, Cisco ASA VNMC Command Input Validation Vulnerability, and Cisco
ASA Local Path Inclusion Vulnerability may result in full compromise of the
affected system.
Successful exploitation of the Cisco ASA Clientless SSL VPN Information
Disclosure and Denial of Service Vulnerability may result in the disclosure of
internal information or, in some cases, a reload of the affected system.
Successful exploitation of the Cisco ASA Clientless SSL VPN Portal
Customization Integrity Vulnerability may result in a compromise of the
Clientless SSL VPN portal, which may lead to several types of attacks,
including but not limited to cross-site scripting (XSS), theft of credentials,
or redirection of users to malicious web pages.
Successful exploitation of the Cisco ASA Smart Call Home Digital Certificate
Validation Vulnerability may result in a digital certificate validation bypass,
which could allow the attacker to bypass digital certificate authentication and
gain access inside the network via remote access VPN or management access to
the affected system via the Cisco Adaptive Security Device Management (ASDM).
Cisco has released free software updates that address these vulnerabilities.
Workarounds that mitigate some of these vulnerabilities are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa