LDAP and VPN Vulnerabilities in PIX and ASA Appliances
cisco-sa-20070502-asa · High · Published · Updated
Multiple vulnerabilities exist in the Cisco Adaptive Security Appliance (ASA) and PIX security appliances: two Lightweight Directory Access Protocol (LDAP) authentication bypass vulnerabilities and two denial of service (DoS) vulnerabilities.

The LDAP authentication bypass vulnerabilities are caused by a specific processing path that is followed when the device is set up to use an LDAP authentication server. These vulnerabilities may allow unauthenticated users to access either the internal network or the device itself.

The two DoS vulnerabilities may be triggered when the device is terminating Virtual Private Networks (VPN). They may allow an attacker to disconnect VPN users, prevent new connections, or prevent the device from transmitting traffic.

The vulnerabilities are located in the authentication, IPsec VPN, and SSL VPN code. They are categorized in this advisory by their Cisco bug descriptions:

- LDAP Authentication Bypass
- Denial of Service in VPNs with Password Expiry
- Denial of Service in SSL VPNs

Cisco has made free software available to address these vulnerabilities for affected customers. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070502-asa.