-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20131009-asa

Revision 1.0

For Public Release 2013 October 9 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Adaptive Security Appliance (ASA) Software is affected by the following 
vulnerabilities:

    IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability
    SQL*Net Inspection Engine Denial of Service Vulnerability
    Digital Certificate Authentication Bypass Vulnerability
    Remote Access VPN Authentication Bypass Vulnerability
    Digital Certificate HTTP Authentication Bypass Vulnerability
    HTTP Deep Packet Inspection Denial of Service Vulnerability
    DNS Inspection Denial of Service Vulnerability
    AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability
    Clientless SSL VPN Denial of Service Vulnerability


These vulnerabilities are independent of one another; a release that is
affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the IPsec VPN Crafted ICMP Packet Denial of Service 
Vulnerability, SQL*Net Inspection Engine Denial of Service Vulnerability, HTTP 
Deep Packet Inspection Denial of Service Vulnerability, DNS Inspection Denial 
of Service Vulnerability, and Clientless SSL VPN Denial of Service 
Vulnerability may result in a reload of an affected device, leading to a denial 
of service (DoS) condition.

Successful exploitation of the Digital Certificate Authentication Bypass 
Vulnerability, Remote Access VPN Authentication Bypass Vulnerability, and 
Digital Certificate HTTP Authentication Bypass Vulnerability may result in an 
authentication bypass, which could allow an attacker access to the inside 
network via remote access VPN or management access to the affected system via 
the Cisco Adaptive Security Device Manager (ASDM).

Successful exploitation of the AnyConnect SSL VPN Memory Exhaustion Denial of 
Service Vulnerability may exhaust available memory, which could result in 
general system instability and cause the affected system to become unresponsive 
and stop forwarding traffic.

Cisco has released free software updates that address these vulnerabilities. 
Workarounds are available for some of the vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa

Note: The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series 
Switches and Cisco 7600 Series Routers may be affected by the SQL*Net 
Inspection Engine Denial of Service Vulnerability. A separate Cisco Security 
Advisory has been published to disclose the vulnerabilities that affect the 
Cisco FWSM. This advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)

iF4EAREKAAYFAlJVVn0ACgkQUddfH3/BbTqWZwD/RwBC6JBngB+veDwlJnE/f0JZ
iuuIjMkJNw/hIWUZBSgA+gMaBfPY40K8ORrja7Tf9cuThC8QxjtRmX/Rkj3Rx2P3
=9LM3
-----END PGP SIGNATURE-----
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
