[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

2015-07-09 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20141008-asa
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

Revision 3.0

Last Updated  2015 July 8 21:04  UTC (GMT)

For Public Release 2014 October 8 16:00  UTC (GMT)

+-

Summary
===

Cisco Adaptive Security Appliance (ASA) Software is affected by the following 
vulnerabilities:

Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability
Cisco ASA VPN Denial of Service Vulnerability
Cisco ASA IKEv2 Denial of Service Vulnerability
Cisco ASA Health and Performance Monitor Denial of Service Vulnerability
Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service 
Vulnerability
Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability
Cisco ASA DNS Inspection Engine Denial of Service Vulnerability
Cisco ASA VPN Failover Command Injection Vulnerability
Cisco ASA VNMC Command Input Validation Vulnerability
Cisco ASA Local Path Inclusion Vulnerability
Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service 
Vulnerability
Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability
Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability

These vulnerabilities are independent of one another; a release that is 
affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the Cisco ASA SQL*NET Inspection Engine Denial of 
Service Vulnerability, Cisco ASA VPN Denial of Service Vulnerability, Cisco ASA 
IKEv2 Denial of Service Vulnerability, Cisco ASA Health and Performance Monitor 
Denial of Service Vulnerability, Cisco ASA GPRS Tunneling Protocol Inspection 
Engine Denial of Service Vulnerability, Cisco ASA SunRPC Inspection Engine 
Denial of Service Vulnerability, and Cisco ASA DNS Inspection Engine Denial of 
Service Vulnerability may result in a reload of an affected device, leading to 
a denial of service (DoS) condition.

Successful exploitation of the Cisco ASA VPN Failover Command Injection 
Vulnerability, Cisco ASA VNMC Command Input Validation Vulnerability, and Cisco 
ASA Local Path Inclusion Vulnerability may result in full compromise of the 
affected system.

Successful exploitation of the Cisco ASA Clientless SSL VPN Information 
Disclosure and Denial of Service Vulnerability may result in the disclosure of 
internal information or, in some cases, a reload of the affected system.

Successful exploitation of the Cisco ASA Clientless SSL VPN Portal 
Customization Integrity Vulnerability may result in a compromise of the 
Clientless SSL VPN portal, which may lead to several types of attacks, which 
are not limited to cross-site scripting (XSS), stealing of credentials, or 
redirects of users to malicious web pages.

Successful exploitation of the Cisco ASA Smart Call Home Digital Certificate 
Validation Vulnerability may result in a digital certificate validation bypass, 
which could allow the attacker to bypass digital certificate authentication and 
gain access inside the network via remote access VPN or management access to 
the affected system via the Cisco Adaptive Security Device Management (ASDM).


2015-July-08 UPDATE: Cisco PSIRT is aware of disruption to some Cisco customers 
with Cisco ASA devices affected by CVE-2014-3383, the Cisco ASA VPN Denial of 
Service Vulnerability that was disclosed in this Security Advisory. Traffic 
causing the disruption was isolated to a specific source IPv4 address. Cisco 
has engaged the provider and owner of that device and determined that the 
traffic was sent with no malicious intent. Cisco strongly recommends that 
customers upgrade to a fixed Cisco ASA software release to remediate this 
issue. 

Cisco has released free software updates that address these vulnerabilities. 
Workarounds that mitigate some of these vulnerabilities are available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa




-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org


[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

2015-04-08 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20150408-asa

Revision 1.0

For Public Release 2015 April 8 16:00  UTC (GMT)

+-

Summary
===

Cisco Adaptive Security Appliance (ASA) Software is affected by the following 
vulnerabilities:

Cisco ASA Failover Command Injection Vulnerability
Cisco ASA DNS Memory Exhaustion Vulnerability
Cisco ASA VPN XML Parser Denial of Service Vulnerability

Successful exploitation of the Cisco ASA Failover Command Injection 
Vulnerability would allow an attacker to submit failover commands to the 
failover units,  which may result in an attacker taking full control of the 
systems.

Successful exploitation of the Cisco ASA DNS Memory Exhaustion Vulnerability 
may result in system instability and dropped traffic.

Successful exploitation of the Cisco ASA VPN XML Parser Denial of Service 
Vulnerability may result in a crash of the WebVPN process, which may lead to 
the reset of all SSL VPN connections, system instability, and a reload of the 
affected system.


Cisco has released free software updates that address these vulnerabilities. 
Workarounds that mitigate these vulnerabilities are available for the Cisco ASA 
Failover Command Injection Vulnerability and Cisco ASA DNS Memory Exhaustion 
Vulnerability. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (SunOS)
-END PGP SIGNATURE-
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

2015-02-11 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20141008-asa

Revision 2.0

Last Updated  2015 February 11 17:54  UTC (GMT)

For Public Release 2014 October 8 16:00  UTC (GMT)

Summary
===

*** Revision 2.0 Note: Please see the Software Versions and Fixes section, 
Important Note about Cisco ASA Clientless SSL VPN Portal Customization 
Integrity Vulnerability for updated information. ***


Cisco Adaptive Security Appliance (ASA) Software is affected by the following 
vulnerabilities:

  Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability
  Cisco ASA VPN Denial of Service Vulnerability
  Cisco ASA IKEv2 Denial of Service Vulnerability
  Cisco ASA Health and Performance Monitor Denial of Service Vulnerability
  Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service 
Vulnerability
  Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability
  Cisco ASA DNS Inspection Engine Denial of Service Vulnerability
  Cisco ASA VPN Failover Command Injection Vulnerability
  Cisco ASA VNMC Command Input Validation Vulnerability
  Cisco ASA Local Path Inclusion Vulnerability
  Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service 
Vulnerability
  Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability
  Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability

These vulnerabilities are independent of one another; a release that is 
affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the Cisco ASA SQL*NET Inspection Engine Denial of 
Service Vulnerability, Cisco ASA VPN Denial of Service Vulnerability, Cisco ASA 
IKEv2 Denial of Service Vulnerability, Cisco ASA Health and Performance Monitor 
Denial of Service Vulnerability, Cisco ASA GPRS Tunneling Protocol Inspection 
Engine Denial of Service Vulnerability, Cisco ASA SunRPC Inspection Engine 
Denial of Service Vulnerability, and Cisco ASA DNS Inspection Engine Denial of 
Service Vulnerability may result in a reload of an affected device, leading to 
a denial of service (DoS) condition.

Successful exploitation of the Cisco ASA VPN Failover Command Injection 
Vulnerability, Cisco ASA VNMC Command Input Validation Vulnerability, and Cisco 
ASA Local Path Inclusion Vulnerability may result in full compromise of the 
affected system.

Successful exploitation of the Cisco ASA Clientless SSL VPN Information 
Disclosure and Denial of Service Vulnerability may result in the disclosure of 
internal information or, in some cases, a reload of the affected system.

Successful exploitation of the Cisco ASA Clientless SSL VPN Portal 
Customization Integrity Vulnerability may result in a compromise of the 
Clientless SSL VPN portal, which may lead to several types of attacks, which 
are not limited to cross-site scripting (XSS), stealing of credentials, or 
redirects of users to malicious web pages.

Successful exploitation of the Cisco ASA Smart Call Home Digital Certificate 
Validation Vulnerability may result in a digital certificate validation bypass, 
which could allow the attacker to bypass digital certificate authentication and 
gain access inside the network via remote access VPN or management access to 
the affected system via the Cisco Adaptive Security Device Management (ASDM).

Cisco has released free software updates that address these vulnerabilities. 
Workarounds that mitigate some of these vulnerabilities are available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
-END PGP SIGNATURE-


[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

2014-10-08 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20141008-asa

Revision 1.0

For Public Release 2014 October 8 16:00  UTC (GMT)

Summary
===

Cisco Adaptive Security Appliance (ASA) Software is affected by the following 
vulnerabilities:

  Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability
  Cisco ASA VPN Denial of Service Vulnerability
  Cisco ASA IKEv2 Denial of Service Vulnerability
  Cisco ASA High Performance Monitor Denial of Service Vulnerability
  Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service 
Vulnerability
  Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability
  Cisco ASA DNS Inspection Engine Denial of Service Vulnerability
  Cisco ASA VPN Failover Command Injection Vulnerability
  Cisco ASA VNMC Command Input Validation Vulnerability
  Cisco ASA Local Path Inclusion Vulnerability
  Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service 
Vulnerability
  Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability
  Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability
  
These vulnerabilities are independent of one another; a release that is 
affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the Cisco ASA SQL*NET Inspection Engine Denial of 
Service Vulnerability, Cisco ASA VPN Denial of Service Vulnerability, Cisco ASA 
IKEv2 Denial of Service Vulnerability, Cisco ASA High Performance Monitor 
Denial of Service Vulnerability, Cisco ASA GPRS Tunneling Protocol Inspection 
Engine Denial of Service Vulnerability, Cisco ASA SunRPC Inspection Engine 
Denial of Service Vulnerability, and Cisco ASA DNS Inspection Engine Denial of 
Service Vulnerability may result in a reload of an affected device, leading to 
a denial of service (DoS) condition.

Successful exploitation of the Cisco ASA VPN Failover Command Injection 
Vulnerability, Cisco ASA VNMC Command Input Validation Vulnerability, and Cisco 
ASA Local Path Inclusion Vulnerability may result in full compromise of the 
affected system.

Successful exploitation of the Cisco ASA Clientless SSL VPN Information 
Disclosure and Denial of Service Vulnerability may result in the disclosure of 
internal information or, in some cases, a reload of the affected system.

Successful exploitation of the Cisco ASA Clientless SSL VPN Portal 
Customization Integrity Vulnerability may result in a compromise of the 
Clientless SSL VPN portal, which may lead to several types of attacks, which 
are not limited to cross-site scripting (XSS), stealing of credentials, or 
redirects of users to malicious web pages.

Successful exploitation of the Cisco ASA Smart Call Home Digital Certificate 
Validation Vulnerability may result in a digital certificate validation bypass, 
which could allow the attacker to bypass digital certificate authentication and 
gain access inside the network via remote access VPN or management access to 
the affected system via the Cisco Adaptive Security Device Management (ASDM).

Cisco has released free software updates that address these vulnerabilities. 
Workarounds that mitigate some of these vulnerabilities are available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa


-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

-END PGP SIGNATURE-


Re: [c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

2014-04-15 Thread Brandon Ewing
On Wed, Apr 09, 2014 at 12:05:46PM -0400, Cisco Systems Product Security 
Incident Response Team wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Multiple Vulnerabilities in Cisco ASA Software
>
> Advisory ID: cisco-sa-20140409-asa
>
> Revision 1.0
>
> For Public Release 2014 April 9 16:00  UTC (GMT)
>

Has anyone had any luck finding the fixed 8.3(2.40) images?  The latest
interims I can find are 2.39.  Emailed TAC, but no response yet.

-- 
Brandon Ewing(nicot...@warningg.com)



Re: [c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

2014-04-15 Thread Gustav UHLANDER
Hello.
We had to request some of the images when we upgraded all our firewalls. Got a 
response from TAC an hour or so later.

Bästa hälsningar / Best regards,

Gustav Uhlander
Senior Communication  Infrastructure Engineer

Steria AB
Kungsbron 13
Box 169
SE-101 23  Stockholm
Sweden

Tel: +46 8 622 42 15
Fax: +46 8 622 42 23
Mobile: +46 70 962 71 03
gustav.ulan...@steria.se 
www.steria.se 


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Brandon 
Ewing
Sent: 15 April 2014 20:14
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco 
ASA Software

On Wed, Apr 09, 2014 at 12:05:46PM -0400, Cisco Systems Product Security 
Incident Response Team wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Multiple Vulnerabilities in Cisco ASA Software
>
> Advisory ID: cisco-sa-20140409-asa
>
> Revision 1.0
>
> For Public Release 2014 April 9 16:00  UTC (GMT)
>

Has anyone had any luck finding the fixed 8.3(2.40) images?  The latest 
interims I can find are 2.39.  Emailed TAC, but no response yet.

-- 
Brandon Ewing(nicot...@warningg.com)



[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

2014-04-09 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20140409-asa

Revision 1.0

For Public Release 2014 April 9 16:00  UTC (GMT)

Summary
===

  Cisco Adaptive Security Appliance (ASA) Software is affected by the following 
vulnerabilities:
  Cisco ASA ASDM Privilege Escalation Vulnerability
  Cisco ASA SSL VPN Privilege Escalation Vulnerability
  Cisco ASA SSL VPN Authentication Bypass Vulnerability
  Cisco ASA SIP Denial of Service Vulnerability

These vulnerabilities are independent of one another; a release that is 
affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the Cisco ASA ASDM Privilege Escalation 
Vulnerability and the Cisco ASA SSL VPN Privilege Escalation Vulnerability may 
allow an attacker or an unprivileged user to elevate privileges and gain 
administrative access to the affected system.

Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass 
Vulnerability may allow an attacker to obtain unauthorized access to the 
internal network via SSL VPN.

Successful exploitation of the Cisco ASA SIP Denial of Service Vulnerability 
may cause the exhaustion of available memory. This may cause system instability 
and in some cases lead to a reload of the affected system, creating a denial of 
service (DoS) condition. 

Cisco has released free software updates that address these vulnerabilities. 
Workarounds that mitigate these vulnerabilities are available for some of the 
vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa

Note: This security advisory does not provide information about the OpenSSL TLS 
Heartbeat Read Overrun Vulnerability identified by CVE-2014-0160 (also known as 
Heartbleed).  For additional information regarding Cisco products affected by 
this vulnerability, refer to the Cisco Security Advisory available at the 
following link:  
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

-END PGP SIGNATURE-


[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

2013-10-09 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20131009-asa

Revision 1.0

For Public Release 2013 October 9 16:00  UTC (GMT)

+-

Summary
===

Cisco Adaptive Security Appliance (ASA) Software is affected by the following 
vulnerabilities:

IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability
SQL*Net Inspection Engine Denial of Service Vulnerability
Digital Certificate Authentication Bypass Vulnerability
Remote Access VPN Authentication Bypass Vulnerability
Digital Certificate HTTP Authentication Bypass Vulnerability
HTTP Deep Packet Inspection Denial of Service Vulnerability
DNS Inspection Denial of Service Vulnerability
AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability
Clientless SSL VPN Denial of Service Vulnerability


These vulnerabilities are independent of one another; a release that is affected 
by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the IPsec VPN Crafted ICMP Packet Denial of Service 
Vulnerability, SQL*Net Inspection Engine Denial of Service Vulnerability, HTTP 
Deep Packet Inspection Denial of Service Vulnerability, DNS Inspection Denial 
of Service Vulnerability, and Clientless SSL VPN Denial of Service 
Vulnerability may result in a reload of an affected device, leading to a denial 
of service (DoS) condition.

Successful exploitation of the Digital Certificate Authentication Bypass 
Vulnerability, Remote Access VPN Authentication Bypass Vulnerability, and 
Digital Certificate HTTP Authentication Bypass Vulnerability may result in an 
authentication bypass, which could allow the attacker access to the inside 
network via remote access VPN or management access to the affected system via 
the Cisco Adaptive Security Device Management (ASDM).

Successful exploitation of the AnyConnect SSL VPN Memory Exhaustion Denial of 
Service Vulnerability may exhaust available memory, which could result in 
general system instability and cause the affected system to become unresponsive 
and stop forwarding traffic.

Cisco has released free software updates that address these vulnerabilities. 
Workarounds are available for some of the vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa

Note: The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series 
Switches and Cisco 7600 Series Routers may be affected by the SQL*Net 
Inspection Engine Denial of Service Vulnerability. A separate Cisco Security 
Advisory has been published to disclose the vulnerabilities that affect the 
Cisco FWSM. This advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm

-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)

iF4EAREKAAYFAlJVVn0ACgkQUddfH3/BbTqWZwD/RwBC6JBngB+veDwlJnE/f0JZ
iuuIjMkJNw/hIWUZBSgA+gMaBfPY40K8ORrja7Tf9cuThC8QxjtRmX/Rkj3Rx2P3
=9LM3
-END PGP SIGNATURE-


[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

2013-04-10 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20130410-asa

Revision 1.0

For Public Release 2013 April 10 16:00  UTC (GMT) 

+--

Summary
===

Cisco ASA Software is affected by the following vulnerabilities:

IKE Version 1 Denial of Service Vulnerability
Crafted URL Denial of Service Vulnerability
Denial of Service During Validation of Crafted Certificates
DNS Inspection Denial of Service Vulnerability

These vulnerabilities are independent of each other; a release that
is affected by one of the vulnerabilities may not be affected by the
others.

Successful exploitation of any of these vulnerabilities may result in
a reload of an affected device, leading to a denial of service (DoS)
condition.

Cisco has released free software updates that address these
vulnerabilities. Workarounds are available for some of these
vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa

Note: The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500
Series Switches and Cisco 7600 Series Routers may be affected by some
of the vulnerabilities listed above. A separate Cisco Security Advisory
has been published to disclose the vulnerabilities that affect the Cisco
FWSM. This advisory is available at

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iF4EAREIAAYFAlFlkRYACgkQUddfH3/BbTpxAQD/Zkba4GDth49SWailwZV871q2
ffeUbZzP4AzcT4zJTbYA/1nk8ZqZBfW9TCUenapRkiykoh14ATXnyjV5GqUtWiUa
=Ds4x
-END PGP SIGNATURE-