[c-nsp] Cisco Security Advisory: Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Wed May 4 12:09:52 EDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability
Advisory ID: cisco-sa-20160504-fpkern
Revision 1.0
For Public Release 2016 May 4 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the kernel logging configuration for Firepower System Software for the Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources.
The vulnerability is due to the logging of certain IP packets. An attacker could exploit this vulnerability by sending a flood of specially crafted IP packets to the affected device. An exploit could allow the attacker to cause the Cisco FirePOWER module to cease inspecting traffic or go offline.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBVyAbtK89gD3EAJB5AQLENxAAprdyZgAuwqP+PyQ3PJuE6iLgyDDFTNpi
yZ0UfoCjJ1BmSFkc/dbdhMtPgAuKiMJhIlgsH1N+Aq3rxxoPlvh33woruEJeqjus
J/YqK/HRT+3oOzJTk9JklUqs6AYNgawjVofttsl3ITeshh8uOzPgIOxAUYSJOAy7
Ax6bwYDFNxP6+HuXT6QKU811WsPJ3BT3VebPw44E4drPoWkSHqp7j/Ga8ZFPGNWn
Cx9rz8PebImTRjKfgan9f50n1fEIElow1DedMFv5uthsf0iCU9etDbOXBL/Plmk8
gbbqJJVQkPUdFiMHbF1YipX3uzmPLKj9APOSezSYiV1pksTRBg4Pg/Ytgrgao8Dk
d/ipqv8I2XW0dnNdXwImVQ6MbZ9z68OmCR+xEbui6DEBTnD5SQQYO8fHKEJpUhCO
WdVd5diOhdMvxOzq3kWPwlZ8wkYlukGT9UTYRv2nsK3n8zqR0/NdYIKiYtnO4wI4
67/8Wx/Yw9ckZ79VOaMpbkulrnDQ+DOPqc1r5bia28w4jY1aq8MdyQsT1xbIiePl
euEtQXvqek+qHQQQy/dgMjNw7fivovo/sH1PXUEtXD3bnYDNhc2ProUcPr82JY9E
P/s5sLXwG95kV72hJN2BwN0bS7/FU/OlJ3QtkiUsBTGor/ZDgIGPJHCLvdTxCr9A
xQXI9bEKg3w=
=Nu46
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list