[BBLISA] FYI, multiple vulnerabilities in Cisco ASA products

Thu Oct 10 23:06:15 EDT 2013

Got this in e-mail today. Just an FYI in case any bblisa'ers have them....

Security Advisories & Responses for Cisco ASA 5500-X Series Next-Generation Firewalls 

Title:         Multiple Vulnerabilities in Cisco Firewall Services Module Software 

Description:         

Cisco Firewall Services Module (FWSM) Software for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities: Cisco FWSM Command Authorization Vulnerability SQL*Net Inspection Engine Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the other. Successful exploitation of the Cisco FWSM Command Authorization Vulnerability may result in a complete compromise of the confidentiality, integrity and availability of the affected system. Successful exploitation of the SQL*Net Inspection Engine Denial of Service Vulnerability may result in a reload of an affected device, leading to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm Note: The Cisco Adaptive Security Appliance (ASA) may be affected by the SQL*Net Inspection Engine Denial of Service Vulnerability. A separate Cisco Security Advisory has been published to disclose the vulnerabilities that affect the Cisco ASA. That advisory is available at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa 

Date:         09-OCT-2013 

Title:         Multiple Vulnerabilities in Cisco ASA Software 

Description:         

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability SQL*Net Inspection Engine Denial of Service Vulnerability Digital Certificate Authentication Bypass Vulnerability Remote Access VPN Authentication Bypass Vulnerability Digital Certificate HTTP Authentication Bypass Vulnerability HTTP Deep Packet Inspection Denial of Service Vulnerability DNS Inspection Denial of Service Vulnerability AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability Clientless SSL VPN Denial of Service Vulnerability These vulnerabilities are independent of one other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of the IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability, SQL*Net Inspection Engine Denial of Service Vulnerability, HTTP Deep Packet Inspection Denial of Service Vulnerability, DNS Inspection Denial of Service Vulnerability, and Clientless SSL VPN Denial of Service Vulnerability may result in a reload of an affected device, leading to a denial of service (DoS) condition. Successful exploitation of the Digital Certificate Authentication Bypass Vulnerability, Remote Access VPN Authentication Bypass Vulnerability, and Digital Certificate HTTP Authentication Bypass Vulnerability may result in an authentication bypass, which could allow the attacker access to the inside network via remote access VPN or management access to the affected system via the Cisco Adaptive Security Device Management (ASDM). Successful exploitation of the AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability may exhaust available memory, which could result in general system instability and cause the affected system to become unresponsive and stop forwarding traffic. Cisco has released free software updates that address these vulnerabilities. Workarounds are 

Date:         09-OCT-2013 

Find additional information in Cisco Security Advisories & Responses 