Cisco Adaptive Security Appliance Malformed DNS Reply Denial of Service Vulnerability

ID CISCO-SA-20131202-CVE-2013-6696
Type cisco
Reporter Cisco
Modified 2013-12-02T21:23:32


A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause the reload of an affected system.

The vulnerability is due to improper handling of DNS error cases when the Cisco ASA Software receives a DNS reply packet under a particular system configuration. An attacker could exploit this vulnerability by either owning a DNS server or ensuring that the reply to a DNS request from an affected system is malformed. An exploit could allow the attacker to cause the reload of the affected system.

Cisco has confirmed the vulnerability in a security notice and released software updates.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.