[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Apr 10 13:11:36 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20130410-asa

Revision 1.0

For Public Release 2013 April 10 16:00  UTC (GMT) 

+----------------------------------------------------------------------

Summary
=======

Cisco ASA Software is affected by the following vulnerabilities:

    IKE Version 1 Denial of Service Vulnerability
    Crafted URL Denial of Service Vulnerability
    Denial of Service During Validation of Crafted Certificates
    DNS Inspection Denial of Service Vulnerability

These vulnerabilities are independent of each other; a release that
is affected by one of the vulnerabilities may not be affected by the
others.

Successful exploitation of any of these vulnerabilities may result in
a reload of an affected device, leading to a denial of service (DoS)
condition.

Cisco has released free software updates that address these
vulnerabilities. Workarounds are available for some of these
vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa

Note: The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500
Series Switches and Cisco 7600 Series Routers may be affected by some
of the vulnerabilities listed above. A separate Cisco Security Advisory
has been published to disclose the vulnerabilities that affect the Cisco
FWSM. This advisory is available at

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iF4EAREIAAYFAlFlkRYACgkQUddfH3/BbTpxAQD/Zkba4GDth49SWailwZV871q2
ffeUbZzP4AzcT4zJTbYA/1nk8ZqZBfW9TCUenapRkiykoh14ATXnyjV5GqUtWiUa
=Ds4x
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list