Lucene search

CiscoCISCO-SA-20141008-ASA

HistoryOct 08, 2014 - 4:00 p.m.

Multiple Vulnerabilities in Cisco ASA Software

2014-10-0816:00:00

tools.cisco.com

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.8%

JSON

2015-July-08 UPDATE: Cisco PSIRT is aware of disruption to some
Cisco customers with Cisco ASA devices affected by CVE-2014-3383, the
Cisco ASA VPN Denial of Service Vulnerability that was disclosed in this
Security Advisory. Traffic causing the disruption was isolated to a
specific source IPv4 address. Cisco has engaged the provider and owner
of that device and determined that the traffic was sent with no
malicious intent. Cisco strongly recommends that customers upgrade to a
fixed Cisco ASA software release to remediate this issue.

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities:

Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability
Cisco ASA VPN Denial of Service Vulnerability
Cisco ASA IKEv2 Denial of Service Vulnerability 
Cisco ASA Health and Performance Monitor Denial of Service Vulnerability
Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service Vulnerability
Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability
Cisco ASA DNS Inspection Engine Denial of Service Vulnerability
Cisco ASA VPN Failover Command Injection Vulnerability
Cisco ASA VNMC Command Input Validation Vulnerability
Cisco ASA Local Path Inclusion Vulnerability 
Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability 
Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability
Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability

These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability, Cisco ASA VPN Denial of Service Vulnerability, Cisco ASA IKEv2 Denial of Service Vulnerability, Cisco ASA Health and Performance Monitor Denial of Service Vulnerability, Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service Vulnerability, Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability, and Cisco ASA DNS Inspection Engine Denial of Service Vulnerability may result in a reload of an affected device, leading to a denial of service (DoS) condition.

Successful exploitation of the Cisco ASA VPN Failover Command Injection Vulnerability, Cisco ASA VNMC Command Input Validation Vulnerability, and Cisco ASA Local Path Inclusion Vulnerability may result in full compromise of the affected system.

Successful exploitation of the Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability may result in the disclosure of internal information or, in some cases, a reload of the affected system.

Successful exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability may result in a compromise of the Clientless SSL VPN portal, which may lead to several types of attacks, which are not limited to cross-site scripting (XSS), stealing of credentials, or redirects of users to malicious web pages.

Successful exploitation of the Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability may result in a digital certificate validation bypass, which could allow the attacker to bypass digital certificate authentication and gain access inside the network via remote access VPN or management access to the affected system via the Cisco Adaptive Security Device Management (ASDM).

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa”]

Affected configurations

Vulners

Node

ciscoadaptive_security_appliance_softwareMatch7.2

ciscoadaptive_security_appliance_softwareMatch8.2

ciscoadaptive_security_appliance_softwareMatch8.1

ciscoadaptive_security_appliance_softwareMatch8.3

ciscoadaptive_security_appliance_softwareMatch8.4

ciscoadaptive_security_appliance_softwareMatch8.5

ciscoadaptive_security_appliance_softwareMatch8.6

ciscoadaptive_security_appliance_softwareMatch8.7

ciscoadaptive_security_appliance_softwareMatch9.0

ciscoadaptive_security_appliance_softwareMatch9.1

ciscoadaptive_security_appliance_softwareMatch9.2

ciscoadaptive_security_appliance_softwareMatch9.3

ciscoadaptive_security_appliance_softwareMatch7.2.2.34

ciscoadaptive_security_appliance_softwareMatch7.2.3.1

ciscoadaptive_security_appliance_softwareMatch7.2.2

ciscoadaptive_security_appliance_softwareMatch7.2.4

ciscoadaptive_security_appliance_softwareMatch7.2.3

ciscoadaptive_security_appliance_softwareMatch7.2.1

ciscoadaptive_security_appliance_softwareMatch7.2.4.27

ciscoadaptive_security_appliance_softwareMatch7.2.4.30

ciscoadaptive_security_appliance_softwareMatch7.2.5

ciscoadaptive_security_appliance_softwareMatch7.2.4.33

ciscoadaptive_security_appliance_softwareMatch7.2.1.9

ciscoadaptive_security_appliance_softwareMatch7.2.1.13

ciscoadaptive_security_appliance_softwareMatch7.2.1.19

ciscoadaptive_security_appliance_softwareMatch7.2.1.24

ciscoadaptive_security_appliance_softwareMatch7.2.2.6

ciscoadaptive_security_appliance_softwareMatch7.2.2.10

ciscoadaptive_security_appliance_softwareMatch7.2.2.14

ciscoadaptive_security_appliance_softwareMatch7.2.2.18

ciscoadaptive_security_appliance_softwareMatch7.2.2.19

ciscoadaptive_security_appliance_softwareMatch7.2.2.22

ciscoadaptive_security_appliance_softwareMatch7.2.3.12

ciscoadaptive_security_appliance_softwareMatch7.2.3.16

ciscoadaptive_security_appliance_softwareMatch7.2.4.6

ciscoadaptive_security_appliance_softwareMatch7.2.4.9

ciscoadaptive_security_appliance_softwareMatch7.2.4.18

ciscoadaptive_security_appliance_softwareMatch7.2.4.25

ciscoadaptive_security_appliance_softwareMatch7.2.5.2

ciscoadaptive_security_appliance_softwareMatch7.2.5.4

ciscoadaptive_security_appliance_softwareMatch7.2.5.7

ciscoadaptive_security_appliance_softwareMatch7.2.5.8

ciscoadaptive_security_appliance_softwareMatch7.2.5.10

ciscoadaptive_security_appliance_softwareMatch7.2.5.12

ciscoadaptive_security_appliance_softwareMatch8.2.0.45

ciscoadaptive_security_appliance_softwareMatch8.2.1

ciscoadaptive_security_appliance_softwareMatch8.2.2

ciscoadaptive_security_appliance_softwareMatch8.2.2.10

ciscoadaptive_security_appliance_softwareMatch8.2.3

ciscoadaptive_security_appliance_softwareMatch8.2.4

ciscoadaptive_security_appliance_softwareMatch8.2.1.11

ciscoadaptive_security_appliance_softwareMatch8.2.2.9

ciscoadaptive_security_appliance_softwareMatch8.2.2.12

ciscoadaptive_security_appliance_softwareMatch8.2.2.16

ciscoadaptive_security_appliance_softwareMatch8.2.4.1

ciscoadaptive_security_appliance_softwareMatch8.2.4.4

ciscoadaptive_security_appliance_softwareMatch8.2.5

ciscoadaptive_security_appliance_softwareMatch8.2.5.13

ciscoadaptive_security_appliance_softwareMatch8.2.5.22

ciscoadaptive_security_appliance_softwareMatch8.2.5.26

ciscoadaptive_security_appliance_softwareMatch8.2.2.17

ciscoadaptive_security_appliance_softwareMatch8.2.5.33

ciscoadaptive_security_appliance_softwareMatch8.2.5.40

ciscoadaptive_security_appliance_softwareMatch8.2.5.41

ciscoadaptive_security_appliance_softwareMatch8.2.5.46

ciscoadaptive_security_appliance_softwareMatch8.2.5.48

ciscoadaptive_security_appliance_softwareMatch8.2.5.50

ciscoadaptive_security_appliance_softwareMatch8.1.2.50

ciscoadaptive_security_appliance_softwareMatch8.3.1.1

ciscoadaptive_security_appliance_softwareMatch8.3.1

ciscoadaptive_security_appliance_softwareMatch8.3.2

ciscoadaptive_security_appliance_softwareMatch8.3.2.23

ciscoadaptive_security_appliance_softwareMatch8.3.2.25

ciscoadaptive_security_appliance_softwareMatch8.3.1.4

ciscoadaptive_security_appliance_softwareMatch8.3.1.6

ciscoadaptive_security_appliance_softwareMatch8.3.2.4

ciscoadaptive_security_appliance_softwareMatch8.3.2.13

ciscoadaptive_security_appliance_softwareMatch8.3.2.31

ciscoadaptive_security_appliance_softwareMatch8.3.2.33

ciscoadaptive_security_appliance_softwareMatch8.3.2.34

ciscoadaptive_security_appliance_softwareMatch8.3.2.37

ciscoadaptive_security_appliance_softwareMatch8.3.2.39

ciscoadaptive_security_appliance_softwareMatch8.3.2.40

ciscoadaptive_security_appliance_softwareMatch8.3.2.41

ciscoadaptive_security_appliance_softwareMatch8.4.1

ciscoadaptive_security_appliance_softwareMatch8.4.2

ciscoadaptive_security_appliance_softwareMatch8.4.1.3

ciscoadaptive_security_appliance_softwareMatch8.4.1.11

ciscoadaptive_security_appliance_softwareMatch8.4.2.8

ciscoadaptive_security_appliance_softwareMatch8.4.3

ciscoadaptive_security_appliance_softwareMatch8.4.3.8

ciscoadaptive_security_appliance_softwareMatch8.4.3.9

ciscoadaptive_security_appliance_softwareMatch8.4.4

ciscoadaptive_security_appliance_softwareMatch8.4.4.1

ciscoadaptive_security_appliance_softwareMatch8.4.4.3

ciscoadaptive_security_appliance_softwareMatch8.4.4.5

ciscoadaptive_security_appliance_softwareMatch8.4.4.9

ciscoadaptive_security_appliance_softwareMatch8.4.5

ciscoadaptive_security_appliance_softwareMatch8.4.5.6

ciscoadaptive_security_appliance_softwareMatch8.4.6

ciscoadaptive_security_appliance_softwareMatch8.4.2.1

ciscoadaptive_security_appliance_softwareMatch8.4.7

ciscoadaptive_security_appliance_softwareMatch8.4.7.3

ciscoadaptive_security_appliance_softwareMatch8.4.7.15

ciscoadaptive_security_appliance_softwareMatch8.4.7.22

ciscoadaptive_security_appliance_softwareMatch8.4.7.23

ciscoadaptive_security_appliance_softwareMatch8.5.1

ciscoadaptive_security_appliance_softwareMatch8.5.1.1

ciscoadaptive_security_appliance_softwareMatch8.5.1.6

ciscoadaptive_security_appliance_softwareMatch8.5.1.7

ciscoadaptive_security_appliance_softwareMatch8.5.1.14

ciscoadaptive_security_appliance_softwareMatch8.5.1.17

ciscoadaptive_security_appliance_softwareMatch8.5.1.18

ciscoadaptive_security_appliance_softwareMatch8.5.1.19

ciscoadaptive_security_appliance_softwareMatch8.5.1.21

ciscoadaptive_security_appliance_softwareMatch8.6.1.1

ciscoadaptive_security_appliance_softwareMatch8.6.1

ciscoadaptive_security_appliance_softwareMatch8.6.1.2

ciscoadaptive_security_appliance_softwareMatch8.6.1.5

ciscoadaptive_security_appliance_softwareMatch8.6.1.10

ciscoadaptive_security_appliance_softwareMatch8.6.1.12

ciscoadaptive_security_appliance_softwareMatch8.6.1.13

ciscoadaptive_security_appliance_softwareMatch8.6.1.14

ciscoadaptive_security_appliance_softwareMatch8.7.1

ciscoadaptive_security_appliance_softwareMatch8.7.1.1

ciscoadaptive_security_appliance_softwareMatch8.7.1.3

ciscoadaptive_security_appliance_softwareMatch8.7.1.4

ciscoadaptive_security_appliance_softwareMatch8.7.1.7

ciscoadaptive_security_appliance_softwareMatch8.7.1.8

ciscoadaptive_security_appliance_softwareMatch8.7.1.11

ciscoadaptive_security_appliance_softwareMatch8.7.1.13

ciscoadaptive_security_appliance_softwareMatch9.0.1

ciscoadaptive_security_appliance_softwareMatch9.0.2

ciscoadaptive_security_appliance_softwareMatch9.0.2.10

ciscoadaptive_security_appliance_softwareMatch9.0.3

ciscoadaptive_security_appliance_softwareMatch9.0.3.6

ciscoadaptive_security_appliance_softwareMatch9.0.3.8

ciscoadaptive_security_appliance_softwareMatch9.0.4

ciscoadaptive_security_appliance_softwareMatch9.0.4.1

ciscoadaptive_security_appliance_softwareMatch9.0.4.5

ciscoadaptive_security_appliance_softwareMatch9.0.4.17

ciscoadaptive_security_appliance_softwareMatch9.0.4.20

ciscoadaptive_security_appliance_softwareMatch9.0.4.24

ciscoadaptive_security_appliance_softwareMatch9.0.4.7

ciscoadaptive_security_appliance_softwareMatch9.1.1

ciscoadaptive_security_appliance_softwareMatch9.1.1.4

ciscoadaptive_security_appliance_softwareMatch9.1.2

ciscoadaptive_security_appliance_softwareMatch9.1.3

ciscoadaptive_security_appliance_softwareMatch9.1.2.8

ciscoadaptive_security_appliance_softwareMatch9.1.3.2

ciscoadaptive_security_appliance_softwareMatch9.1.4

ciscoadaptive_security_appliance_softwareMatch9.1.4.5

ciscoadaptive_security_appliance_softwareMatch9.1.5

ciscoadaptive_security_appliance_softwareMatch9.1.5.10

ciscoadaptive_security_appliance_softwareMatch9.1.5.12

ciscoadaptive_security_appliance_softwareMatch9.1.5.15

ciscoadaptive_security_appliance_softwareMatch9.2.1

ciscoadaptive_security_appliance_softwareMatch9.2.2

ciscoadaptive_security_appliance_softwareMatch9.2.2.4

ciscoadaptive_security_appliance_softwareMatch9.2.3

ciscoadaptive_security_appliance_softwareMatch9.3.1

ciscoadaptive_security_appliance_softwareMatch9.3.1.1

CPENameOperatorVersion
cisco adaptive security appliance (asa) softwareeq7.2
cisco adaptive security appliance (asa) softwareeq8.2
cisco adaptive security appliance (asa) softwareeq8.1
cisco adaptive security appliance (asa) softwareeq8.3
cisco adaptive security appliance (asa) softwareeq8.4
cisco adaptive security appliance (asa) softwareeq8.5
cisco adaptive security appliance (asa) softwareeq8.6
cisco adaptive security appliance (asa) softwareeq8.7
cisco adaptive security appliance (asa) softwareeq9.0
cisco adaptive security appliance (asa) softwareeq9.1

Name	Operator	Version
cisco adaptive security appliance (asa) software	eq	7.2
cisco adaptive security appliance (asa) software	eq	8.2
cisco adaptive security appliance (asa) software	eq	8.1
cisco adaptive security appliance (asa) software	eq	8.3
cisco adaptive security appliance (asa) software	eq	8.4
cisco adaptive security appliance (asa) software	eq	8.5
cisco adaptive security appliance (asa) software	eq	8.6
cisco adaptive security appliance (asa) software	eq	8.7
cisco adaptive security appliance (asa) software	eq	9.0
cisco adaptive security appliance (asa) software	eq	9.1