[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Oct 10 12:10:54 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security
Appliances and Cisco Catalyst 6500 Series ASA Services Module

Advisory ID: cisco-sa-20121010-asa

Revision 1.0

For Public Release 2012 October 10 16:00  UTC (GMT)
- ----------------------------------------------------------------------

Summary
=======

Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco
Catalyst 6500 Series ASA Services Module (ASASM) may be affected by
the following vulnerabilities:

DHCP Memory Allocation Denial of Service Vulnerability
SSL VPN Authentication Denial of Service Vulnerability
SIP Inspection Media Update Denial of Service Vulnerability
DCERPC Inspection Buffer Overflow Vulnerability
Two DCERPC Inspection Denial Of Service Vulnerabilities

These vulnerabilities are independent of each other; a release that is
affected by one of the vulnerabilities may not be affected by the
others.

Successful exploitation of any of these vulnerabilities could allow an
unauthenticated remote attacker to trigger a reload of the affected
device. Exploitation of the DCERPC Inspection Buffer Overflow
Vulnerability could additionally cause a stack overflow and possibly
the execution of arbitrary commands.

Cisco has released free software updates that address these
vulnerabilities. Workarounds are available for some of these
vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-asa

Note: The Cisco Firewall Services Module for Cisco Catalyst 6500 and
Cisco 7600 Series (FWSM) may be affected by some of the
vulnerabilities listed above. A separate Cisco Security Advisory has
been published to disclose the vulnerabilities that affect the Cisco
FWSM. This advisory is available at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-fwsm

The Cisco ASA 1000V Cloud Firewall and Cisco ASA-CX Context-Aware
Security are not affected by any of these vulnerabilities.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlB1jRsACgkQUddfH3/BbTo1RwD+NHNKsAkrc/dZ+XAhDtqAyVIY
xaVp6BpwmKAnBbDtwVQA/jXPlWJbmNmSOiHTAI30KkXahf9Bi9+bIvnQyeUI6aUM
=Ncu5
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list