Cisco ASA-CX TCP Traffic Denial of Service Vulnerability
Cisco-SA-20130617-CVE-2013-1203 · Medium · Published · Updated
A vulnerability in the processing of TCP traffic on the Cisco ASA CX could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to incorrect parsing of TCP packet data that the Cisco ASA forwards to the Cisco ASA CX. An attacker could exploit this vulnerability by sending specific TCP traffic that the Cisco ASA CX then processes. Cisco has confirmed the vulnerability in a security notice and has released software updates. To exploit this vulnerability, an attacker may require access to trusted, internal networks to send crafted requests to the affected software. This access requirement could limit the likelihood of a successful exploit.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
It is critical to prevent unauthorized direct communication to network devices. Restrict network traffic destined for the network infrastructure to protect against reconnaissance and DoS attacks. For configuration details, see Protecting Your Core: Infrastructure Protection Access Control Lists (http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml).
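As an added illustration of the infrastructure ACL mitigation the notice points to (this is example configuration written for this page, not configuration from the Cisco notice or from the linked paper), the following Cisco IOS access list admits only a trusted management subnet and a known routing peer to the infrastructure address space, denies everything else aimed at the devices themselves, and leaves transit traffic alone. All addresses are constructed documentation-range values; the interface name, the BGP peer and the ASA CX management address are assumptions.

```cisco
! Added example, not from the Cisco notice. Assumed addressing (constructed):
!   192.0.2.0/24     - address space used by the network infrastructure itself
!                      (router interfaces, firewall and ASA CX management addresses)
!   198.51.100.0/28  - trusted management / NOC subnet
!   192.0.2.1        - this router's eBGP peering address
!   203.0.113.1      - upstream eBGP peer
ip access-list extended INFRASTRUCTURE-PROTECTION
 remark --- drop non-initial fragments aimed at infrastructure addresses first;
 remark --- fragments carry no port information and can bypass later port matches
 deny   tcp any 192.0.2.0 0.0.0.255 fragments
 deny   udp any 192.0.2.0 0.0.0.255 fragments
 deny   icmp any 192.0.2.0 0.0.0.255 fragments
 deny   ip any 192.0.2.0 0.0.0.255 fragments
 remark --- permit the trusted management subnet to reach infrastructure devices
 permit tcp 198.51.100.0 0.0.0.15 192.0.2.0 0.0.0.255 eq 22
 permit tcp 198.51.100.0 0.0.0.15 192.0.2.0 0.0.0.255 eq 443
 permit udp 198.51.100.0 0.0.0.15 192.0.2.0 0.0.0.255 eq snmp
 permit icmp 198.51.100.0 0.0.0.15 192.0.2.0 0.0.0.255 echo
 remark --- permit the routing protocol session with the known peer only
 permit tcp host 203.0.113.1 host 192.0.2.1 eq bgp
 permit tcp host 203.0.113.1 eq bgp host 192.0.2.1
 remark --- everything else destined TO the infrastructure is denied and logged
 deny   ip any 192.0.2.0 0.0.0.255 log
 remark --- transit traffic is not filtered by this ACL; other policy applies to it
 permit ip any any
!
! Apply inbound on every interface that faces an untrusted network
interface GigabitEthernet0/1
 description Edge link towards untrusted network
 ip access-group INFRASTRUCTURE-PROTECTION in
```

Two points worth checking after deploying such a list: `show ip access-lists INFRASTRUCTURE-PROTECTION` should show hit counts climbing on the final `deny ... log` entry rather than on the management permits, and the `log` keyword should be used sparingly, because logged ACL hits are themselves CPU-bound work on the device you are trying to protect from a resource-exhaustion condition.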
Understanding activity on the network provides information and visibility that can identify potential security incidents. Organizations should log events from devices and review the logged data to provide insight into anomalies or malicious activity. For logging best practices, see Cisco Guide to Harden Cisco IOS Devices (http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#logbest).
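As an added example of the logging practices the notice references (written for this page, not configuration from the Cisco notice or the linked hardening guide), the following Cisco IOS settings send events to a central collector with consistent timestamps. The point that matters for a reload-type vulnerability such as this one is that the local logging buffer does not survive a reload, so the remote syslog copy is the only record of what the device saw before it went down. The syslog collector, NTP server and source interface are assumptions.

```cisco
! Added example, not from the Cisco notice. Assumed addresses (constructed):
!   198.51.100.5   - NTP server
!   198.51.100.20  - central syslog collector
! Time-stamp every message with millisecond resolution and time zone, and
! number them so gaps in the collector's copy are visible
service timestamps log datetime msec show-timezone localtime
service timestamps debug datetime msec show-timezone localtime
service sequence-numbers
clock timezone UTC 0
ntp server 198.51.100.5
!
! Keep a local buffer for interactive troubleshooting, but do not rely on it:
! "logging buffered" is cleared by the reload this notice describes
logging buffered 64000 informational
! Console logging is synchronous and can load the CPU; keep it off
no logging console
logging monitor informational
!
! Ship events to the collector from a stable source address
logging source-interface Loopback0
logging trap informational
logging host 198.51.100.20
!
! Record configuration changes and login outcomes, which are the events most
! often needed when reconstructing what preceded an unexpected reload
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
login on-failure log
login on-success log
```

`show logging` on the device reports the trap level, the configured hosts and how many messages were actually sent; if the message count on the collector does not match the device's sequence numbers, the gap itself is worth investigating.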