Cisco Adaptive Security Appliance Software Filter and Inspect Overlap Denial of Service Vulnerability

2014-07-1120:24:48

tools.cisco.com

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

EPSS

0.008

Percentile

81.1%

JSON

A vulnerability in the inspection and filter features of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the affected system to reload.

The vulnerability is due to an internal traffic loop condition that can be triggered when a received packet is matched for both filtering and inspection due to a configuration with overlapping traffic matching criteria (configuration is not supported). An attacker could exploit this vulnerability by sending a packet that would be matched by the incorrect configuration. An exploit could allow the attacker to trigger an affected system to crash, resulting in a denial of service (DoS) condition.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must know whether a targeted device has both filtering and inspection features enabled. Due to the additional required information, this may reduce the likelihood of a successful exploit.

Affected configurations

Vulners

Node

ciscoadaptive_security_appliance_softwareMatch8.4

ciscoadaptive_security_appliance_softwareMatch8.4.1

ciscoadaptive_security_appliance_softwareMatch8.4.2

ciscoadaptive_security_appliance_softwareMatch8.4.1.3

ciscoadaptive_security_appliance_softwareMatch8.4.1.11

ciscoadaptive_security_appliance_softwareMatch8.4.2.8

ciscoadaptive_security_appliance_softwareMatch8.4.3

ciscoadaptive_security_appliance_softwareMatch8.4.3.8

ciscoadaptive_security_appliance_softwareMatch8.4.3.9

ciscoadaptive_security_appliance_softwareMatch8.4.4

ciscoadaptive_security_appliance_softwareMatch8.4.4.1

ciscoadaptive_security_appliance_softwareMatch8.4.4.3

ciscoadaptive_security_appliance_softwareMatch8.4.4.5

ciscoadaptive_security_appliance_softwareMatch8.4.4.9

ciscoadaptive_security_appliance_softwareMatch8.4.5

ciscoadaptive_security_appliance_softwareMatch8.4.5.6

ciscoadaptive_security_appliance_softwareMatch8.4.6

ciscoadaptive_security_appliance_softwareMatch8.4.2.1

VendorProductVersionCPE
ciscoadaptive_security_appliance_software8.4cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.1cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.2cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.1.3cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.1.11cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.11:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.2.8cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.8:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.3cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.3.8cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.8:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.3.9cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.9:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.4cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance_software	8.4	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:::::::*
cisco	adaptive_security_appliance_software	8.4.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:::::::*
cisco	adaptive_security_appliance_software	8.4.2	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:::::::*
cisco	adaptive_security_appliance_software	8.4.1.3	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.3:::::::*
cisco	adaptive_security_appliance_software	8.4.1.11	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.11:::::::*
cisco	adaptive_security_appliance_software	8.4.2.8	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.8:::::::*
cisco	adaptive_security_appliance_software	8.4.3	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3:::::::*
cisco	adaptive_security_appliance_software	8.4.3.8	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.8:::::::*
cisco	adaptive_security_appliance_software	8.4.3.9	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.9:::::::*
cisco	adaptive_security_appliance_software	8.4.4	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4:::::::*