Vulnslist

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

cisco-sa-20121010-asa · Critical · Published · Updated

Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the following vulnerabilities:

- DHCP Memory Allocation Denial of Service Vulnerability
- SSL VPN Authentication Denial of Service Vulnerability
- SIP Inspection Media Update Denial of Service Vulnerability
- DCERPC Inspection Buffer Overflow Vulnerability
- Two DCERPC Inspection Denial Of Service Vulnerabilities

These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the affected device. Exploitation of the DCERPC Inspection Buffer Overflow Vulnerability could additionally cause a stack overflow and possibly the execution of arbitrary commands.

Cisco has released software updates that address these vulnerabilities. Workarounds are available for some of these vulnerabilities.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-asa

Note: The Cisco Firewall Services Module for Cisco Catalyst 6500 and Cisco 7600 Series (FWSM) may be affected by some of the vulnerabilities listed above. A separate Cisco Security Advisory has been published to disclose the vulnerabilities that affect the Cisco FWSM. This advisory is available at: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-fwsm

The Cisco ASA 1000V Cloud Firewall and Cisco ASA-CX Context-Aware Security are not affected by any of these vulnerabilities.

Workarounds

The following section contains information about a workaround, if available, for each vulnerability described in this security advisory.

DHCP Memory Allocation Denial of Service Vulnerability

Besides disabling the DHCP server and DHCP relay features, there are no workarounds that mitigate this vulnerability.

SSL VPN Authentication Denial of Service Vulnerability

There are no workarounds that mitigate this vulnerability.

SIP Inspection Media Update Denial of Service Vulnerability

Disabling SIP inspection will mitigate this vulnerability.

The following commands will disable the SIP inspection that is configured by default:

ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class inspection_default
ciscoasa(config-pmap-c)# no inspect sip

DCERPC Inspection Buffer Overflow Vulnerability and DCERPC Inspection Denial Of Service Vulnerabilities

Besides disabling the DCERPC inspection, there are no workarounds that mitigate these vulnerabilities.
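
The following Python script is an added example, not part of the Cisco advisory: it audits a saved ASA running-config for the features the workarounds above refer to (DHCP server, DHCP relay, SIP inspection, DCERPC inspection) and reports where each is enabled. The dhcpd, dhcprelay and inspect dcerpc command patterns are standard ASA syntax assumed here rather than taken from this page, and the sample configuration is constructed.

```python
import re

# Constructed sample of an ASA running-config (not from a real device).
SAMPLE_CONFIG = """\
dhcpd address 192.0.2.10-192.0.2.50 inside
dhcpd enable inside
!
policy-map type inspect sip strict_sip
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect sip
  no inspect dcerpc
!
service-policy global_policy global
"""

# Feature -> (enabling command pattern, mitigation named in the advisory).
# Patterns other than "inspect sip" are assumed standard ASA syntax.
CHECKS = {
    "DHCP server": (r"dhcpd enable \S+", "disable the DHCP server"),
    "DHCP relay": (r"dhcprelay enable \S+", "disable DHCP relay"),
    "SIP inspection": (r"inspect sip\b.*", "no inspect sip"),
    "DCERPC inspection": (r"inspect dcerpc\b.*", "disable DCERPC inspection"),
}

def audit(config):
    """Return {feature: [(policy_map, class_name, line), ...]} for enabled features."""
    findings = {name: [] for name in CHECKS}
    pmap = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level command resets the context
            m = re.fullmatch(r"policy-map (\S+)", line)
            pmap, cls = (m.group(1) if m else None), None
        elif re.fullmatch(r"class \S+", line):
            cls = line.split()[1]
        for name, (pattern, _) in CHECKS.items():
            # fullmatch: "no inspect sip" and "policy-map type inspect sip ..."
            # are not counted as the feature being enabled
            if re.fullmatch(pattern, line):
                findings[name].append((pmap, cls, line))
    return findings

if __name__ == "__main__":
    for name, hits in audit(SAMPLE_CONFIG).items():
        status = "ENABLED, mitigation: " + CHECKS[name][1] if hits else "not enabled"
        print(f"{name}: {status}")
        for pmap, cls, line in hits:
            print(f"    {line}  (policy-map={pmap}, class={cls})")
```

The SSL VPN Authentication vulnerability is not checked because the advisory lists no workaround for it; only a software upgrade addresses it.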

CVEs: CVE-2012-4643, CVE-2012-4659, CVE-2012-4660, CVE-2012-4661, CVE-2012-4662, CVE-2012-4663
Cisco Bug IDs: CSCtr21346, CSCtr21359, CSCtr21376, CSCtr27521, CSCtr27522, CSCtr27524, CSCtr63728, CSCtw84068, CSCtz04566
CVSS Score: Base 7.1
Base 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Base 9.0 AV:N/AC:M/Au:N/C:C/I:P/A:C/E:F/RL:OF/RC:C
Product Names From Source
Cisco Firewall Services Module (FWSM), Cisco Adaptive Security Appliance (ASA) Software 7.0.1, Cisco Adaptive Security Appliance (ASA) Software 7.0.1.4, Cisco Adaptive Security Appliance (ASA) Software 7.0.4, Cisco Adaptive Security Appliance (ASA) Software 7.0.4.2, Cisco Adaptive Security Appliance (ASA) Software 7.0.2, Cisco Adaptive Security Appliance (ASA) Software 7.0.3, Cisco Adaptive Security Appliance (ASA) Software 7.0.7.1, Cisco Adaptive Security Appliance (ASA) Software 7.0.8, Cisco Adaptive Security Appliance (ASA) Software 7.0.7, Cisco Adaptive Security Appliance (ASA) Software 7.0.6, Cisco Adaptive Security Appliance (ASA) Software 7.0.5, Cisco Adaptive Security Appliance (ASA) Software 7.0.5.12, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.4, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.8, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.18, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.22, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.26, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.29, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.32, Cisco Adaptive Security Appliance (ASA) Software 7.0.7.4, Cisco Adaptive Security Appliance (ASA) Software 7.0.7.9, Cisco Adaptive Security Appliance (ASA) Software 7.0.7.12, Cisco Adaptive Security Appliance (ASA) Software 7.0.8.2, Cisco Adaptive Security Appliance (ASA) Software 7.0.8.8, Cisco Adaptive Security Appliance (ASA) Software 7.0.8.12, Cisco Adaptive Security Appliance (ASA) Software 7.0.8.13, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.61, Cisco Adaptive Security Appliance (ASA) Software 7.1.2, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.81, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.64, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.72, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.16, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.20, Cisco Adaptive Security Appliance (ASA) Software 
7.1.2.24, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.28, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.38, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.42, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.46, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.49, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.53, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.34, Cisco Adaptive Security Appliance (ASA) Software 7.2.3.1, Cisco Adaptive Security Appliance (ASA) Software 7.2.2, Cisco Adaptive Security Appliance (ASA) Software 7.2.4, Cisco Adaptive Security Appliance (ASA) Software 7.2.3, Cisco Adaptive Security Appliance (ASA) Software 7.2.1, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.27, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.30, Cisco Adaptive Security Appliance (ASA) Software 7.2.5, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.33, Cisco Adaptive Security Appliance (ASA) Software 7.2.1.9, Cisco Adaptive Security Appliance (ASA) Software 7.2.1.13, Cisco Adaptive Security Appliance (ASA) Software 7.2.1.19, Cisco Adaptive Security Appliance (ASA) Software 7.2.1.24, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.6, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.10, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.14, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.18, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.19, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.22, Cisco Adaptive Security Appliance (ASA) Software 7.2.3.12, Cisco Adaptive Security Appliance (ASA) Software 7.2.3.16, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.6, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.9, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.18, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.25, Cisco Adaptive Security Appliance (ASA) Software 7.2.5.2, Cisco Adaptive Security Appliance (ASA) Software 7.2.5.4, Cisco 
Adaptive Security Appliance (ASA) Software 7.2.5.7, Cisco Adaptive Security Appliance (ASA) Software 8.0.2.11, Cisco Adaptive Security Appliance (ASA) Software 8.0.4, Cisco Adaptive Security Appliance (ASA) Software 8.0.3, Cisco Adaptive Security Appliance (ASA) Software 8.0.2, Cisco Adaptive Security Appliance (ASA) Software 8.0.1.2, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.25, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.28, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.33, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.32, Cisco Adaptive Security Appliance (ASA) Software 8.0.5, Cisco Adaptive Security Appliance (ASA) Software 8.0.2.15, Cisco Adaptive Security Appliance (ASA) Software 8.0.3.6, Cisco Adaptive Security Appliance (ASA) Software 8.0.3.12, Cisco Adaptive Security Appliance (ASA) Software 8.0.3.19, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.3, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.9, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.16, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.23, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.31, Cisco Adaptive Security Appliance (ASA) Software 8.0.5.20, Cisco Adaptive Security Appliance (ASA) Software 8.0.5.23, Cisco Adaptive Security Appliance (ASA) Software 8.0.5.25, Cisco Adaptive Security Appliance (ASA) Software 8.0.5.27, Cisco Adaptive Security Appliance (ASA) Software 8.2.0.45, Cisco Adaptive Security Appliance (ASA) Software 8.2.1, Cisco Adaptive Security Appliance (ASA) Software 8.2.2, Cisco Adaptive Security Appliance (ASA) Software 8.2.2.10, Cisco Adaptive Security Appliance (ASA) Software 8.2.3, Cisco Adaptive Security Appliance (ASA) Software 8.2.4, Cisco Adaptive Security Appliance (ASA) Software 8.2.1.11, Cisco Adaptive Security Appliance (ASA) Software 8.2.2.9, Cisco Adaptive Security Appliance (ASA) Software 8.2.2.12, Cisco Adaptive Security Appliance (ASA) Software 8.2.2.16, Cisco Adaptive Security 
Appliance (ASA) Software 8.2.4.1, Cisco Adaptive Security Appliance (ASA) Software 8.2.4.4, Cisco Adaptive Security Appliance (ASA) Software 8.2.5, Cisco Adaptive Security Appliance (ASA) Software 8.2.5.13, Cisco Adaptive Security Appliance (ASA) Software 8.2.5.22, Cisco Adaptive Security Appliance (ASA) Software 8.2.5.26, Cisco Adaptive Security Appliance (ASA) Software 8.2.2.17, Cisco Adaptive Security Appliance (ASA) Software 8.1.1, Cisco Adaptive Security Appliance (ASA) Software 8.1.2, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.15, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.16, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.19, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.23, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.24, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.50, Cisco Adaptive Security Appliance (ASA) Software 8.1.1.6, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.13, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.49, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.55, Cisco Adaptive Security Appliance (ASA) Software 8.3.1.1, Cisco Adaptive Security Appliance (ASA) Software 8.3.1, Cisco Adaptive Security Appliance (ASA) Software 8.3.2, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.23, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.25, Cisco Adaptive Security Appliance (ASA) Software 8.3.1.4, Cisco Adaptive Security Appliance (ASA) Software 8.3.1.6, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.4, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.13, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.31, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.33, Cisco Adaptive Security Appliance (ASA) Software 8.4.1, Cisco Adaptive Security Appliance (ASA) Software 8.4.2, Cisco Adaptive Security Appliance (ASA) Software 8.4.1.3, Cisco Adaptive Security Appliance (ASA) Software 8.4.1.11, Cisco Adaptive Security Appliance (ASA) 
Software 8.4.2.8, Cisco Adaptive Security Appliance (ASA) Software 8.4.3, Cisco Adaptive Security Appliance (ASA) Software 8.4.3.8, Cisco Adaptive Security Appliance (ASA) Software 8.4.3.9, Cisco Adaptive Security Appliance (ASA) Software 8.4.4, Cisco Adaptive Security Appliance (ASA) Software 8.4.4.1, Cisco Adaptive Security Appliance (ASA) Software 8.4.4.3, Cisco Adaptive Security Appliance (ASA) Software 8.5.1, Cisco Adaptive Security Appliance (ASA) Software 8.5.1.1, Cisco Adaptive Security Appliance (ASA) Software 8.5.1.6, Cisco Adaptive Security Appliance (ASA) Software 8.5.1.7, Cisco Adaptive Security Appliance (ASA) Software 8.6.1.1, Cisco Adaptive Security Appliance (ASA) Software 8.6.1, Cisco Adaptive Security Appliance (ASA) Software 8.6.1.2, Cisco Adaptive Security Appliance (ASA) Software

Related Products

Product | CVE | Evidence
Cisco Firewall Services Module (FWSM) | CVE-2012-4663 | Cisco OpenVuln
Cisco Firewall Services Module (FWSM) | CVE-2012-4662 | Cisco OpenVuln
Cisco Firewall Services Module (FWSM) | CVE-2012-4661 | Cisco OpenVuln
Cisco Firewall Services Module (FWSM) | CVE-2012-4660 | Cisco OpenVuln
Cisco Firewall Services Module (FWSM) | CVE-2012-4659 | Cisco OpenVuln
Cisco Firewall Services Module (FWSM) | CVE-2012-4643 | Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software | CVE-2012-4663 | Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software | CVE-2012-4662 | Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software | CVE-2012-4661 | Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software | CVE-2012-4660 | Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software | CVE-2012-4659 | Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software | CVE-2012-4643 | Cisco OpenVuln