ID: CVE-2016-1369
Type: cve
Reporter: cve@mitre.org
Modified: 2016-12-01T03:05:00
Description
The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922.
Related bulletins

Source: cisco
Last seen: 2020-12-24T11:41:23
Bulletin family: software
CVE list: CVE-2016-1369
ID: CISCO-SA-20160504-FPKERN
Title: Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability
Published: 2016-05-04T16:00:00
Modified: 2016-05-04T13:33:44
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern
CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Description:
A vulnerability in the kernel logging configuration for Firepower System Software for the Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources.

The vulnerability is due to the logging of certain IP packets. An attacker could exploit this vulnerability by sending a flood of specially crafted IP packets to the affected device. An exploit could allow the attacker to cause the Cisco FirePOWER module to cease inspecting traffic or go offline.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern

Source: threatpost
Last seen: 2018-10-06T22:55:23
Bulletin family: info
CVE list: CVE-2016-1368, CVE-2016-1369, CVE-2016-1387
ID: THREATPOST:0674B5D6782927D685E42C7DEA161EBE
Title: Cisco Issues Critical Security Warning Tied to TelePresence Hardware
Published: 2016-05-04T17:17:04
Modified: 2016-05-05T22:26:08
Link: https://threatpost.com/cisco-patches-critical-telepresence-vulnerability/117866/
CVSS: 9.0 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/)
Description:
Cisco Systems said it has patched a critical flaw tied to its TelePresence hardware that allowed unauthorized third-parties to access the system via an API bug. The networking behemoth also alerted customers to a duo of denial of service attack vulnerabilities that represent a high risk for its FirePOWER firewall hardware.

The United States Computer Emergency Readiness Team (US-CERT) [issued an alert on Wednesday](<https://www.us-cert.gov/ncas/current-activity/2016/05/04/Cisco-Releases-Security-Updates>) and said Cisco has provided patches for the affected products.

The most serious of the flaws is tied to Cisco’s TelePresence XML application programming interface and allows hackers to bypass the authentication process for its TelePresence EX, MX, SX and VX hardware. Hackers with knowledge of the vulnerability are able to perform unauthorized configuration changes or issue control commands to TelePresence hardware running affected software.

Cisco issued a patch ([CVE-2016-1387](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml>)) for the TelePresence bug. Cisco wrote: “The vulnerability is due to improper implementation of authentication mechanisms for the XML API of the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the XML API.”

Cisco also notified customers on Wednesday of two vulnerabilities labeled as high that could allow an attacker to launch denial of service attacks. Both these vulnerabilities are tied to Cisco’s enterprise firewall hardware (ASA 5585-X FirePOWER SSP).

One of those denial of service vulnerabilities ([CVE-2016-1369](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern>)) stems from a flaw in the kernel logging configuration for Firepower System Software for the Adaptive Security Appliance. According to Cisco the bug “could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources.”

Cisco said there are no workarounds for the vulnerabilities and is urging customers to download a free software update for affected software.

The second vulnerability is also classified as high and relates to the firewall hardware’s (ASA 5585-X FirePOWER SSP) packet processing functions. Cisco says the flaw ([CVE-2016-1368](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower>)) could allow a remote attacker to trigger an affected firewall sub-system to stop inspecting and processing packets, resulting in conditions ripe for a denial of service attack.

“The vulnerability is due to improper packet handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system,” Cisco wrote.

Specific products affected by the packet processing vulnerability are both Cisco’s FirePOWER firewall models 7000 and 8000 running FirePOWER System Software releases 5.3.0 through 5.3.0.6 and 5.4.0 through 5.4.0.3.

Updates to fix the vulnerability can be found [on Cisco’s site](<http://www.cisco.com/c/en/us/td/docs/general/warranty/English/EU1KEN_.html>).