Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability

cisco-sa-20130116-asa1000v · High · Published · Updated

A vulnerability in Cisco Adaptive Security Appliance (ASA) Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled. Cisco has released software updates that address this vulnerability.

This advisory is posted at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130116-asa1000v

Note: Only Cisco ASA Software for the Cisco ASA 1000V Cloud Firewall is affected by the vulnerability described in this advisory. Cisco ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Services Module or Cisco Catalyst 6500 Series Firewall Services Module (FWSM) are not affected by this vulnerability.


Workarounds

If H.323 inspection is not required, it can be disabled so the device is no longer affected by the vulnerability. Administrators can disable H.323 inspection for H.225 messages by issuing the no inspect h323 h225 command in class configuration submode in the policy map configuration. H.323 inspection for H.225 messages should be disabled for the workaround to be effective.

The following example shows how to disable H.323 inspection from the default policy-map:

ASA1000v(config)# policy-map global_policy
ASA1000v(config-pmap)# class inspection_default
ASA1000v(config-pmap-c)# no inspect h323 h225

If H.323 inspection for H.225 messages is required, there are no workarounds.
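
To confirm the workaround across saved configurations, the following added example (not part of the Cisco advisory) scans "show running-config" text for classes that still carry the inspect h323 h225 command. The sample configuration is constructed, and the function names are hypothetical; it assumes the usual one-space-per-level indentation of ASA running-config output.

```python
# Constructed sample of "show running-config" output (not from a real device).
SAMPLE_CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
policy-map voice_policy
 class voice_traffic
  inspect sip
!
service-policy global_policy global
"""


def h225_inspection_classes(config_text):
    """Return (policy_map, class) pairs where 'inspect h323 h225' is configured."""
    findings = []
    policy_map = class_name = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue  # blank line or separator
        indent = len(line) - len(line.lstrip())
        words = line.split()
        if indent == 0:
            # Any top-level command closes the previous policy-map block.
            is_pmap = words[0] == "policy-map" and len(words) > 1
            policy_map = words[-1] if is_pmap else None
            class_name = None
        elif policy_map and words[0] == "class" and len(words) > 1:
            class_name = words[1]
        elif policy_map and class_name and words[:3] == ["inspect", "h323", "h225"]:
            findings.append((policy_map, class_name))
    return findings


def workaround_applied(config_text):
    """True when no class in any policy map inspects H.225 messages."""
    return not h225_inspection_classes(config_text)


if __name__ == "__main__":
    for pmap, cls in h225_inspection_classes(SAMPLE_CONFIG):
        print(f"H.225 inspection enabled: policy-map {pmap}, class {cls}")
```

The check reports every policy map that contains the command, whether or not that policy map is currently applied with a service-policy statement.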

CVEs: CVE-2012-5419
Cisco Bug IDs: CSCuc42812, CSCuc88741
CVSS Score: Base 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C)
Product Names From Source: Cisco ASA 1000V Cloud Firewall Software

Related Products

Product | CVE | Evidence
Cisco Adaptive Security Appliance (ASA) Software | CVE-2012-5419 | Cisco OpenVuln
Cisco ASA 1000V Cloud Firewall Software | CVE-2012-5419 | Cisco OpenVuln