Lucene search

CiscoCISCO-SA-20131009-ASA

HistoryOct 09, 2013 - 4:00 p.m.

Multiple Vulnerabilities in Cisco ASA Software

2013-10-0916:00:00

tools.cisco.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

77.8%

JSON

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities:

IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability
SQL*Net Inspection Engine Denial of Service Vulnerability
Digital Certificate Authentication Bypass Vulnerability
Remote Access VPN Authentication Bypass Vulnerability
Digital Certificate HTTP Authentication Bypass Vulnerability
HTTP Deep Packet Inspection Denial of Service Vulnerability
DNS Inspection Denial of Service Vulnerability
AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability
SSL VPN Web Portal Denial of Service Vulnerability
Crafted ICMP Packet Denial of Service Vulnerability
These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability, SQL*Net Inspection Engine Denial of Service Vulnerability, HTTP Deep Packet Inspection Denial of Service Vulnerability, DNS Inspection Denial of Service Vulnerability, and SSL VPN Web Portal Denial of Service Vulnerability may result in a reload of an affected device, leading to a denial of service (DoS) condition.

Successful exploitation of the Digital Certificate Authentication Bypass Vulnerability, Remote Access VPN Authentication Bypass Vulnerability, and Digital Certificate HTTP Authentication Bypass Vulnerability may result in an authentication bypass, which could allow the attacker access to the inside network via remote access VPN or management access to the affected system via the Cisco Adaptive Security Device Management (ASDM).

Successful exploitation of the AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability may exhaust available memory, which could result in general system instability and cause the affected system to become unresponsive and stop forwarding traffic.

Successful exploitation of the Crafted ICMP Packet Denial of Service Vulnerability may cause valid connections that are passing through the affected system to be dropped, or cause a reload of the system, leading to a denial of service (DoS) condition.

Cisco has released software updates that address these vulnerabilities. Workarounds are available for some of the vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa”]

Note: The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers may be affected by the SQL*Net Inspection Engine Denial of Service Vulnerability. A separate Cisco Security Advisory has been published to disclose the vulnerabilities that affect the Cisco FWSM. This advisory is available at:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm [" https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm"]

Affected configurations

Vulners

Node

ciscofirewall_services_moduleMatchany

ciscoadaptive_security_appliance_softwareMatch7.0

ciscoadaptive_security_appliance_softwareMatch7.1

ciscoadaptive_security_appliance_softwareMatch7.2

ciscoadaptive_security_appliance_softwareMatch8.0

ciscoadaptive_security_appliance_softwareMatch8.2

ciscoadaptive_security_appliance_softwareMatch8.1

ciscoadaptive_security_appliance_softwareMatch8.3

ciscoadaptive_security_appliance_softwareMatch8.4

ciscoadaptive_security_appliance_softwareMatch8.5

ciscoadaptive_security_appliance_softwareMatch8.6

ciscoadaptive_security_appliance_softwareMatch8.7

ciscoadaptive_security_appliance_softwareMatch9.0

ciscoadaptive_security_appliance_softwareMatch9.1

ciscofirewall_services_moduleMatchany

ciscoadaptive_security_appliance_softwareMatch7.0.1

ciscoadaptive_security_appliance_softwareMatch7.0.1.4

ciscoadaptive_security_appliance_softwareMatch7.0.4

ciscoadaptive_security_appliance_softwareMatch7.0.4.2

ciscoadaptive_security_appliance_softwareMatch7.0.2

ciscoadaptive_security_appliance_softwareMatch7.0.3

ciscoadaptive_security_appliance_softwareMatch7.0.7.1

ciscoadaptive_security_appliance_softwareMatch7.0.8

ciscoadaptive_security_appliance_softwareMatch7.0.7

ciscoadaptive_security_appliance_softwareMatch7.0.6

ciscoadaptive_security_appliance_softwareMatch7.0.5

ciscoadaptive_security_appliance_softwareMatch7.0.5.12

ciscoadaptive_security_appliance_softwareMatch7.0.6.4

ciscoadaptive_security_appliance_softwareMatch7.0.6.8

ciscoadaptive_security_appliance_softwareMatch7.0.6.18

ciscoadaptive_security_appliance_softwareMatch7.0.6.22

ciscoadaptive_security_appliance_softwareMatch7.0.6.26

ciscoadaptive_security_appliance_softwareMatch7.0.6.29

ciscoadaptive_security_appliance_softwareMatch7.0.6.32

ciscoadaptive_security_appliance_softwareMatch7.0.7.4

ciscoadaptive_security_appliance_softwareMatch7.0.7.9

ciscoadaptive_security_appliance_softwareMatch7.0.7.12

ciscoadaptive_security_appliance_softwareMatch7.0.8.2

ciscoadaptive_security_appliance_softwareMatch7.0.8.8

ciscoadaptive_security_appliance_softwareMatch7.0.8.12

ciscoadaptive_security_appliance_softwareMatch7.0.8.13

ciscoadaptive_security_appliance_softwareMatch7.1.2.61

ciscoadaptive_security_appliance_softwareMatch7.1.2

ciscoadaptive_security_appliance_softwareMatch7.1.2.81

ciscoadaptive_security_appliance_softwareMatch7.1.2.64

ciscoadaptive_security_appliance_softwareMatch7.1.2.72

ciscoadaptive_security_appliance_softwareMatch7.1.2.16

ciscoadaptive_security_appliance_softwareMatch7.1.2.20

ciscoadaptive_security_appliance_softwareMatch7.1.2.24

ciscoadaptive_security_appliance_softwareMatch7.1.2.28

ciscoadaptive_security_appliance_softwareMatch7.1.2.38

ciscoadaptive_security_appliance_softwareMatch7.1.2.42

ciscoadaptive_security_appliance_softwareMatch7.1.2.46

ciscoadaptive_security_appliance_softwareMatch7.1.2.49

ciscoadaptive_security_appliance_softwareMatch7.1.2.53

ciscoadaptive_security_appliance_softwareMatch7.2.2.34

ciscoadaptive_security_appliance_softwareMatch7.2.3.1

ciscoadaptive_security_appliance_softwareMatch7.2.2

ciscoadaptive_security_appliance_softwareMatch7.2.4

ciscoadaptive_security_appliance_softwareMatch7.2.3

ciscoadaptive_security_appliance_softwareMatch7.2.1

ciscoadaptive_security_appliance_softwareMatch7.2.4.27

ciscoadaptive_security_appliance_softwareMatch7.2.4.30

ciscoadaptive_security_appliance_softwareMatch7.2.5

ciscoadaptive_security_appliance_softwareMatch7.2.4.33

ciscoadaptive_security_appliance_softwareMatch7.2.1.9

ciscoadaptive_security_appliance_softwareMatch7.2.1.13

ciscoadaptive_security_appliance_softwareMatch7.2.1.19

ciscoadaptive_security_appliance_softwareMatch7.2.1.24

ciscoadaptive_security_appliance_softwareMatch7.2.2.6

ciscoadaptive_security_appliance_softwareMatch7.2.2.10

ciscoadaptive_security_appliance_softwareMatch7.2.2.14

ciscoadaptive_security_appliance_softwareMatch7.2.2.18

ciscoadaptive_security_appliance_softwareMatch7.2.2.19

ciscoadaptive_security_appliance_softwareMatch7.2.2.22

ciscoadaptive_security_appliance_softwareMatch7.2.3.12

ciscoadaptive_security_appliance_softwareMatch7.2.3.16

ciscoadaptive_security_appliance_softwareMatch7.2.4.6

ciscoadaptive_security_appliance_softwareMatch7.2.4.9

ciscoadaptive_security_appliance_softwareMatch7.2.4.18

ciscoadaptive_security_appliance_softwareMatch7.2.4.25

ciscoadaptive_security_appliance_softwareMatch7.2.5.2

ciscoadaptive_security_appliance_softwareMatch7.2.5.4

ciscoadaptive_security_appliance_softwareMatch7.2.5.7

ciscoadaptive_security_appliance_softwareMatch7.2.5.8

ciscoadaptive_security_appliance_softwareMatch7.2.5.10

ciscoadaptive_security_appliance_softwareMatch8.0.2.11

ciscoadaptive_security_appliance_softwareMatch8.0.4

ciscoadaptive_security_appliance_softwareMatch8.0.3

ciscoadaptive_security_appliance_softwareMatch8.0.2

ciscoadaptive_security_appliance_softwareMatch8.0.1.2

ciscoadaptive_security_appliance_softwareMatch8.0.4.25

ciscoadaptive_security_appliance_softwareMatch8.0.4.28

ciscoadaptive_security_appliance_softwareMatch8.0.4.33

ciscoadaptive_security_appliance_softwareMatch8.0.4.32

ciscoadaptive_security_appliance_softwareMatch8.0.5

ciscoadaptive_security_appliance_softwareMatch8.0.2.15

ciscoadaptive_security_appliance_softwareMatch8.0.3.6

ciscoadaptive_security_appliance_softwareMatch8.0.3.12

ciscoadaptive_security_appliance_softwareMatch8.0.3.19

ciscoadaptive_security_appliance_softwareMatch8.0.4.3

ciscoadaptive_security_appliance_softwareMatch8.0.4.9

ciscoadaptive_security_appliance_softwareMatch8.0.4.16

ciscoadaptive_security_appliance_softwareMatch8.0.4.23

ciscoadaptive_security_appliance_softwareMatch8.0.4.31

ciscoadaptive_security_appliance_softwareMatch8.0.5.20

ciscoadaptive_security_appliance_softwareMatch8.0.5.23

ciscoadaptive_security_appliance_softwareMatch8.0.5.25

ciscoadaptive_security_appliance_softwareMatch8.0.5.27

ciscoadaptive_security_appliance_softwareMatch8.0.5.28

ciscoadaptive_security_appliance_softwareMatch8.0.5.31

ciscoadaptive_security_appliance_softwareMatch8.2.0.45

ciscoadaptive_security_appliance_softwareMatch8.2.1

ciscoadaptive_security_appliance_softwareMatch8.2.2

ciscoadaptive_security_appliance_softwareMatch8.2.2.10

ciscoadaptive_security_appliance_softwareMatch8.2.3

ciscoadaptive_security_appliance_softwareMatch8.2.4

ciscoadaptive_security_appliance_softwareMatch8.2.1.11

ciscoadaptive_security_appliance_softwareMatch8.2.2.9

ciscoadaptive_security_appliance_softwareMatch8.2.2.12

ciscoadaptive_security_appliance_softwareMatch8.2.2.16

ciscoadaptive_security_appliance_softwareMatch8.2.4.1

ciscoadaptive_security_appliance_softwareMatch8.2.4.4

ciscoadaptive_security_appliance_softwareMatch8.2.5

ciscoadaptive_security_appliance_softwareMatch8.2.5.13

ciscoadaptive_security_appliance_softwareMatch8.2.5.22

ciscoadaptive_security_appliance_softwareMatch8.2.5.26

ciscoadaptive_security_appliance_softwareMatch8.2.2.17

ciscoadaptive_security_appliance_softwareMatch8.2.5.33

ciscoadaptive_security_appliance_softwareMatch8.2.5.40

ciscoadaptive_security_appliance_softwareMatch8.2.5.41

ciscoadaptive_security_appliance_softwareMatch8.1.1

ciscoadaptive_security_appliance_softwareMatch8.1.2

ciscoadaptive_security_appliance_softwareMatch8.1.2.15

ciscoadaptive_security_appliance_softwareMatch8.1.2.16

ciscoadaptive_security_appliance_softwareMatch8.1.2.19

ciscoadaptive_security_appliance_softwareMatch8.1.2.23

ciscoadaptive_security_appliance_softwareMatch8.1.2.24

ciscoadaptive_security_appliance_softwareMatch8.1.2.50

ciscoadaptive_security_appliance_softwareMatch8.1.1.6

ciscoadaptive_security_appliance_softwareMatch8.1.2.13

ciscoadaptive_security_appliance_softwareMatch8.1.2.49

ciscoadaptive_security_appliance_softwareMatch8.1.2.55

ciscoadaptive_security_appliance_softwareMatch8.1.2.56

ciscoadaptive_security_appliance_softwareMatch8.3.1.1

ciscoadaptive_security_appliance_softwareMatch8.3.1

ciscoadaptive_security_appliance_softwareMatch8.3.2

ciscoadaptive_security_appliance_softwareMatch8.3.2.23

ciscoadaptive_security_appliance_softwareMatch8.3.2.25

ciscoadaptive_security_appliance_softwareMatch8.3.1.4

ciscoadaptive_security_appliance_softwareMatch8.3.1.6

ciscoadaptive_security_appliance_softwareMatch8.3.2.4

ciscoadaptive_security_appliance_softwareMatch8.3.2.13

ciscoadaptive_security_appliance_softwareMatch8.3.2.31

ciscoadaptive_security_appliance_softwareMatch8.3.2.33

ciscoadaptive_security_appliance_softwareMatch8.3.2.34

ciscoadaptive_security_appliance_softwareMatch8.3.2.37

ciscoadaptive_security_appliance_softwareMatch8.4.1

ciscoadaptive_security_appliance_softwareMatch8.4.2

ciscoadaptive_security_appliance_softwareMatch8.4.1.3

ciscoadaptive_security_appliance_softwareMatch8.4.1.11

ciscoadaptive_security_appliance_softwareMatch8.4.2.8

ciscoadaptive_security_appliance_softwareMatch8.4.3

ciscoadaptive_security_appliance_softwareMatch8.4.3.8

ciscoadaptive_security_appliance_softwareMatch8.4.3.9

ciscoadaptive_security_appliance_softwareMatch8.4.4

ciscoadaptive_security_appliance_softwareMatch8.4.4.1

ciscoadaptive_security_appliance_softwareMatch8.4.4.3

ciscoadaptive_security_appliance_softwareMatch8.4.4.5

ciscoadaptive_security_appliance_softwareMatch8.4.4.9

ciscoadaptive_security_appliance_softwareMatch8.4.5

ciscoadaptive_security_appliance_softwareMatch8.4.5.6

ciscoadaptive_security_appliance_softwareMatch8.4.6

ciscoadaptive_security_appliance_softwareMatch8.4.2.1

ciscoadaptive_security_appliance_softwareMatch8.4.7

ciscoadaptive_security_appliance_softwareMatch8.5.1

ciscoadaptive_security_appliance_softwareMatch8.5.1.1

ciscoadaptive_security_appliance_softwareMatch8.5.1.6

ciscoadaptive_security_appliance_softwareMatch8.5.1.7

ciscoadaptive_security_appliance_softwareMatch8.5.1.14

ciscoadaptive_security_appliance_softwareMatch8.5.1.17

ciscoadaptive_security_appliance_softwareMatch8.6.1.1

ciscoadaptive_security_appliance_softwareMatch8.6.1

ciscoadaptive_security_appliance_softwareMatch8.6.1.2

ciscoadaptive_security_appliance_softwareMatch8.6.1.5

ciscoadaptive_security_appliance_softwareMatch8.6.1.10

ciscoadaptive_security_appliance_softwareMatch8.7.1

ciscoadaptive_security_appliance_softwareMatch8.7.1.1

ciscoadaptive_security_appliance_softwareMatch8.7.1.3

ciscoadaptive_security_appliance_softwareMatch8.7.1.4

ciscoadaptive_security_appliance_softwareMatch8.7.1.7

ciscoadaptive_security_appliance_softwareMatch9.0.1

ciscoadaptive_security_appliance_softwareMatch9.0.2

ciscoadaptive_security_appliance_softwareMatch9.0.2.10

ciscoadaptive_security_appliance_softwareMatch9.0.3

ciscoadaptive_security_appliance_softwareMatch9.0.3.6

ciscoadaptive_security_appliance_softwareMatch9.1.1

ciscoadaptive_security_appliance_softwareMatch9.1.1.4

ciscoadaptive_security_appliance_softwareMatch9.1.2

ciscoadaptive_security_appliance_softwareMatch9.1.3

ciscoadaptive_security_appliance_softwareMatch9.1.2.8

CPENameOperatorVersion
cisco firewall services module (fwsm)eqany
cisco adaptive security appliance (asa) softwareeq7.0
cisco adaptive security appliance (asa) softwareeq7.1
cisco adaptive security appliance (asa) softwareeq7.2
cisco adaptive security appliance (asa) softwareeq8.0
cisco adaptive security appliance (asa) softwareeq8.2
cisco adaptive security appliance (asa) softwareeq8.1
cisco adaptive security appliance (asa) softwareeq8.3
cisco adaptive security appliance (asa) softwareeq8.4
cisco adaptive security appliance (asa) softwareeq8.5

Name	Operator	Version
cisco firewall services module (fwsm)	eq	any
cisco adaptive security appliance (asa) software	eq	7.0
cisco adaptive security appliance (asa) software	eq	7.1
cisco adaptive security appliance (asa) software	eq	7.2
cisco adaptive security appliance (asa) software	eq	8.0
cisco adaptive security appliance (asa) software	eq	8.2
cisco adaptive security appliance (asa) software	eq	8.1
cisco adaptive security appliance (asa) software	eq	8.3
cisco adaptive security appliance (asa) software	eq	8.4
cisco adaptive security appliance (asa) software	eq	8.5