[c-nsp] Cisco Security Advisory: Cisco ASA Software Local Certificate Authority Denial of Service Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Oct 19 12:04:39 EDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco ASA Software Local Certificate Authority Denial of Service Vulnerability

Advisory ID: cisco-sa-20161019-asa-ca

Revision: 1.0

For Public Release 2016 October 19 16:00  GMT

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system.

The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system.

Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBWAeXh689gD3EAJB5AQLS6Q/+MeNTBcCHRaBRbNs3PYprDG+Xitotjnjh
fR05wuy88NUaC8hpO2rdRvXr46nh+uihdMtsPQKxFVMOGNV5Rti3aOsynYAxsDDY
9XqmMfn4ZiXHM/VPaglwzhmXibgtlVpGFy3q6YD0JRsPtHPqmBTFYVnvhPhP6LsX
XUK5ZyoGRWOIo3T+hlXACHVRs+ZYnhR9uTswtc5Y4PLrv8yZFq+jb+N97wcDqc9A
XfX4QIcZydfmRAX+qeZrtNgBefizXuQJNStYK6QmSC87DCjItiVAejU/gT56ghcw
mQMaX2BiES2hsJnbdfCvA4lc733KRnnrb+6i/T4/HDrQLjtjsIgxoe7MaXOTKc0T
OJaq0K96fZKLF7koIo71fIUq/c1ZUXgx12kI8sXFKSaYc2H9m+2nZKe0BCja5tlK
D/r2S9ulUxixL1PVNfoBaO+5eYOFVfOXVRcn/ISbvFtvTVNERvkeqpZpHv2GMMqn
xKXjcUTaBgDojgbeNt+D2325Fa0+DDFJmWbRmjA0qDu8aUCAgIEk2ocwKWpsLl/j
rWHot3sgBFmRra2NmXuEJrYIVlJzMUNofPMI2IWUtvq6aPt7KihJcE0YIbKOIXGF
9ldK+vUDRwvnRiNI+IGjDlP3ZWER/b15U6YtXC1K6K0PyuVx6ic6Nh/voCuyCofO
FpkTHLdOlV8=
=jPap
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list