Multiple Vulnerabilities in Cisco Firewall Services Module Software

2013-04-1016:00:00

tools.cisco.com

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.002

Percentile

55.7%

JSON

Cisco Firewall Services Module (FWSM) Software for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities:

FWSM HTTP Proxy Traceback Vulnerability


IKE Version 1 Denial of Service Vulnerability

These vulnerabilities are independent of each other; a release that is
affected by one of the vulnerabilities may not be affected by the
other.

Successful exploitation of either of these vulnerabilities may result in a
reload of an affected device, leading to a denial of service (DoS) condition.

Cisco has released software updates that address these vulnerabilities. A workaround is available for the IKE
vulnerability.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm”]

Note: The
Cisco Adaptive Security Appliance (ASA) may be affected by some of the
vulnerabilities listed above. A separate Cisco Security Advisory has
been published to disclose the vulnerabilities that affect the Cisco ASA. That advisory is available at:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa”]

Affected configurations

Vulners

Node

ciscofirewall_services_moduleMatchany

ciscoadaptive_security_appliance_softwareMatch8.4

ciscofirewall_services_moduleMatchany

ciscoadaptive_security_appliance_softwareMatch8.4.1

ciscoadaptive_security_appliance_softwareMatch8.4.2

ciscoadaptive_security_appliance_softwareMatch8.4.3

ciscoadaptive_security_appliance_softwareMatch8.4.4

ciscoadaptive_security_appliance_softwareMatch8.4.5

VendorProductVersionCPE
ciscofirewall_services_moduleanycpe:2.3:h:cisco:firewall_services_module:any:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.1cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.2cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.3cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.4cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.5cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	firewall_services_module	any	cpe:2.3:h:cisco:firewall_services_module:any:::::::*
cisco	adaptive_security_appliance_software	8.4	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:::::::*
cisco	adaptive_security_appliance_software	8.4.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:::::::*
cisco	adaptive_security_appliance_software	8.4.2	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:::::::*
cisco	adaptive_security_appliance_software	8.4.3	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3:::::::*
cisco	adaptive_security_appliance_software	8.4.4	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4:::::::*
cisco	adaptive_security_appliance_software	8.4.5	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5:::::::*