-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in Cisco ASA Software Advisory ID: cisco-sa-20140409-asa Revision 1.0 For Public Release 2014 April 9 16:00 UTC (GMT) Summary ======= Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA ASDM Privilege Escalation Vulnerability Cisco ASA SSL VPN Privilege Escalation Vulnerability Cisco ASA SSL VPN Authentication Bypass Vulnerability Cisco ASA SIP Denial of Service Vulnerability These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of the Cisco ASA ASDM Privilege Escalation Vulnerability and the Cisco ASA SSL VPN Privilege Escalation Vulnerability may allow an attacker or an unprivileged user to elevate privileges and gain administrative access to the affected system. Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass Vulnerability may allow an attacker to obtain unauthorized access to the internal network via SSL VPN. Successful exploitation of the Cisco ASA SIP Denial of Service Vulnerability may cause the exhaustion of available memory. This may cause system instability and in some cases lead to a reload of the affected system, creating a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available for some of the vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa Note: This security advisory does not provide information about the OpenSSL TLS Heartbeat Read Overrun Vulnerability identified by CVE-2014-0160 (also known as Heartbleed). For additional information regarding Cisco products affected by this vulnerability, refer to the Cisco Security Advisory available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTRW5YAAoJEIpI1I6i1Mx3eL0P/0B7V5l5M5++F8QuYHbKcg85 7Rn1IAOjIWJyWHT5JgGAbNvCfYHe4eTdTvF0ijP8DErhfbxWOA3D7EegJY3dw6fo fiKHVoxguR8F4GW4jTq8miHFu0rQ8Yke1lGJPGEN6EbNof+MzAihTnwFoh0miz/8 h8PaxUI+XRMh7DgvdWIwdItj0afmsBJ+4Un1XqDw5YuaeVGsl6sxCXgnS2WaaCkA tJWhtXi0//piAdEKyTmRgV+vUWSCMvm3cmMjl6RaIUNvPgwcryfaLn6HxuOAEYKL ayAabGJ2WFYJzYdbyyomccJ/5AEApFubdxXC8aQkzVqVXhypbedJCP8v+AVFZFth s8qNGJc+4XL7F/ZrNPi7qRJy0Ll+eQJ4+wyIXSWv7uPuGDXuWctfXckfFc+DhtJL z+wWwhsgvXjnzkO8zIqAAY9USXzoJ33U9PztLE6SnP7tuorCS5ls3RMXQylS0DRc OYzSnRn9p44xvpBldE9TWl9oxo5eWMXyPGqo/pHzU1nBEqXZJesAr+D9PRXZvOHk 7kxIfCAE/6VASiWa4WtQ1Mb1uV99s9KKQhn0fAv5Fg/0WH2Q/9fTtcyHqB4cWXLE 9bM2c26iZGrwuYiUonHwi3bi2gNbF3TLsmxvV+W7/NihdVgJwv+jAxLahSLQ6Vji 9g1oNfty2EMETTgUmjkL =8YEX -----END PGP SIGNATURE-----