[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Wed Apr 10 13:11:36 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
Advisory ID: cisco-sa-20130410-asa
Revision 1.0
For Public Release 2013 April 10 16:00 UTC (GMT)
+----------------------------------------------------------------------
Summary
=======
Cisco ASA Software is affected by the following vulnerabilities:
IKE Version 1 Denial of Service Vulnerability
Crafted URL Denial of Service Vulnerability
Denial of Service During Validation of Crafted Certificates
DNS Inspection Denial of Service Vulnerability
These vulnerabilities are independent of each other; a release that
is affected by one of the vulnerabilities may not be affected by the
others.
Successful exploitation of any of these vulnerabilities may result in
a reload of an affected device, leading to a denial of service (DoS)
condition.
Cisco has released free software updates that address these
vulnerabilities. Workarounds are available for some of these
vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa
Note: The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500
Series Switches and Cisco 7600 Series Routers may be affected by some
of the vulnerabilities listed above. A separate Cisco Security Advisory
has been published to disclose the vulnerabilities that affect the Cisco
FWSM. This advisory is available at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlFlkRYACgkQUddfH3/BbTpxAQD/Zkba4GDth49SWailwZV871q2
ffeUbZzP4AzcT4zJTbYA/1nk8ZqZBfW9TCUenapRkiykoh14ATXnyjV5GqUtWiUa
=Ds4x
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list