what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Cisco Security Advisory 20141008-asa

Cisco Security Advisory 20141008-asa
Posted Oct 9, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Adaptive Security Appliance (ASA) Software is affected by denial of service, cross site scripting, and command injection vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.

tags | advisory, denial of service, vulnerability, xss
systems | cisco
SHA-256 | cf3c5080adaffa717adb284196c0ff62f8e668868896ac65f152107b007d4dac

Cisco Security Advisory 20141008-asa

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20141008-asa

Revision 1.0

For Public Release 2014 October 8 16:00 UTC (GMT)

Summary
+======

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities:

Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability
Cisco ASA VPN Denial of Service Vulnerability
Cisco ASA IKEv2 Denial of Service Vulnerability
Cisco ASA High Performance Monitor Denial of Service Vulnerability
Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service Vulnerability
Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability
Cisco ASA DNS Inspection Engine Denial of Service Vulnerability
Cisco ASA VPN Failover Command Injection Vulnerability
Cisco ASA VNMC Command Input Validation Vulnerability
Cisco ASA Local Path Inclusion Vulnerability
Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability
Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability
Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability

These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability, Cisco ASA VPN Denial of Service Vulnerability, Cisco ASA IKEv2 Denial of Service Vulnerability, Cisco ASA High Performance Monitor Denial of Service Vulnerability, Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service Vulnerability, Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability, and Cisco ASA DNS Inspection Engine Denial of Service Vulnerability may result in a reload of an affected device, leading to a denial of service (DoS) condition.

Successful exploitation of the Cisco ASA VPN Failover Command Injection Vulnerability, Cisco ASA VNMC Command Input Validation Vulnerability, and Cisco ASA Local Path Inclusion Vulnerability may result in full compromise of the affected system.

Successful exploitation of the Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability may result in the disclosure of internal information or, in some cases, a reload of the affected system.

Successful exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability may result in a compromise of the Clientless SSL VPN portal, which may lead to several types of attacks, which are not limited to cross-site scripting (XSS), stealing of credentials, or redirects of users to malicious web pages.

Successful exploitation of the Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability may result in a digital certificate validation bypass, which could allow the attacker to bypass digital certificate authentication and gain access inside the network via remote access VPN or management access to the affected system via the Cisco Adaptive Security Device Management (ASDM).

Cisco has released free software updates that address these vulnerabilities.
Workarounds that mitigate some of these vulnerabilities are available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUNUBiAAoJEIpI1I6i1Mx3hVAQAKtIV7wBHDjwlHPFj81eM7D0
xf96/YJYO4E1v+qX4waOURzuWf752JPXG00WeB7OXqQg15J6nGR1H4hc9rGyUGg1
fZEbaxBBzosGFK3kf/giONO1jSeRRsOPMVMTKVanCeRwUj/XSP3VeWdWK5BwjSYN
6MkcPryJjo0/7jisUh0SPUUq8OHFoqVtsx+AzLgdcWN5vpGhgSpJVX5WCSS+Mgu1
fAuY49zW/bO9K/oP8KQnzmU2TR6iSLLYwbfU6KglHc8OYVKa6A5cGvqaKWAhxnlX
wV34Ry8AdkzFbHl/rZm8Qg+8urdtGEtQ5pGWOooMmNhu0ZToKNxIzneT3Kp01w1r
vQoU+UPPKkAC6rmaI30t3ZyCSVvXxx1xXkskFs0LP59tm7d7EvoSyITeu4ytejiw
ck1kFWA6gMZuQ2HWFkFo2SLoygS43tEwZzrx/uGJ1YwYPiED3kb7K8UpL3Zj5wD1
JyRog3+SrsYvlVJ2ZV4bTPCtJkbeiYGiuEZ/yC/1WheAiKbsVrurVXwynT0XJDpA
2BL9AdnHxEWYJd+gvBpoELfwSsVQk3WOY/PjmhWaiiRSQlAG4K2IPRugQf1eyJ5Q
bjjCnkCproQWVqInCG8JUrTovyQEWe8mev2yMFm/e9zeaVtZhC/FyXG4+ImdXv58
z7tiykxJ8VKRkWGtqYK5
=HjcM
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close