[c-nsp] Cisco Security Advisory: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Oct 21 12:44:35 EDT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability

Advisory ID: cisco-sa-20151021-asa-ike

Revision 1.0

For Public Release 2015 October 21 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload.

The vulnerability is due to improper handling of Internet Security Association and Key Management Protocol (ISAKMP) packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. A successful exploit could allow the attacker to cause an affected system to reload.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-ike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWJ6PHAAoJEIpI1I6i1Mx3pt4P/1sUeHJRsiJXH6Pga4YzUgcV
h8qqo8k+GWv5/yqEwaJOV6TubBjkqKL+noGEpJCFTJhfvYYEhKDkusYlAf3KJChS
k49XEOSmufhoNEYqMrBVhTovvYomhyA+pMWxk6TBWx2J7foYkve7GzQKLz5UUlgw
2Un5MM6eYQvbYyrr0fCqS46jJ9d8cZdwMZdW6KBgqe2EnSwM9ZgHZrMJkR2hh5pF
wm3Gr1hvKANVL44EEEdd2O/x2eiBsduP0+fP1pxLVgmMZ/qh/E+fCEOpMke6pJHl
r5i/hJUJ3Eb0sB9wFtxQGrHWsEyLzyNx+4y7inZb1ZB4wwEYsuAMTUhtNFHvZANY
Krh6xZ+LtJ34+ZzZ4umlBBJWEX3RR2AKo+sLUGDZ9GcqUuF8YplhvJ1QDM0+aJxA
bRkfZgfHYEeQd/PVCavjjpTqeE8Y8dbqQKRriNSHB0+DxMt0tYDWWswMdxskqvhL
f4uaS2nl00Z8OzLeDTCce0t9bYdIQiG3VRya4iUM1+K4fOqhoxPMekX3pCXKP1Jt
2YpGFDkT8NW6nS40oz10kXo7sARERJdCy3+pQZbbN0PzygbeOAFJ/wND2s5t7Z2/
oeDumB3rGnxxTOwtOe8iPaT2hub8oh2zMs/aT9I+uvZqdSNt7ev1K2u8zuaC/gne
Lft0MNDnWp3Gn0ARWMho
=GjNO
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list