SecurityTracker.com
SecurityTracker Archives
Category: Device (Firewall) > Cisco ASA
Vendors: Cisco
Cisco ASA Bugs Let Remote Users Deny Service and Execute Arbitrary Code
SecurityTracker Alert ID: 1027641
SecurityTracker URL: http://securitytracker.com/id/1027641
CVE Reference: CVE-2012-4643, CVE-2012-4659, CVE-2012-4660, CVE-2012-4661, CVE-2012-4662, CVE-2012-4663
Date: Oct 10 2012
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): ASA 5500 Series, Cisco Catalyst 6500 Series ASA Services Module
Description:   Several vulnerabilities were reported in Cisco ASA. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

A remote user can send specially crafted DHCP data via IPv4 to the DHCP server on the target device or through the target device to trigger a memory allocation error and cause the target device to reload [CVE-2012-4643].

Cisco has assigned Cisco bug ID CSCtw84068 to this vulnerability.

A remote user can send a specially crafted response to an AAA challenge via IPv4 on an SSL VPN connection to cause the target device to reload [CVE-2012-4659]. Cisco ASA Software configured for Clientless or AnyConnect SSL VPN is affected. IPsec VPN server, IPsec/L2TP VPN server, and IKEv2 AnyConnect server configurations are not affected.

Cisco has assigned Cisco bug ID CSCtz04566 to this vulnerability.

A remote user can send specially crafted SIP packets (as part of an established SIP session) through the target device to cause the target device to reload [CVE-2012-4660].

Cisco has assigned Cisco bug ID CSCtr63728 to this vulnerability.

A remote user can send specially crafted DCERPC data through the target device to trigger a stack overflow in the DCERPC inspection engine and execute arbitrary code on the target device or cause the target device to reload [CVE-2012-4661].

Cisco has assigned Cisco bug ID CSCtr21359 to this vulnerability.

A remote user can send specially crafted DCERPC data through the target device to cause the target device to reload [CVE-2012-4662, CVE-2012-4663].

Cisco has assigned Cisco bug IDs CSCtr21376 and CSCtr21346 to these vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause the target device to reload.

Solution:   The vendor has issued fixed releases: 7.2(5.8), 8.0(5.28), 8.1(2.56), 8.2(5.33), 8.3(2.34), 8.4(4.5), 8.5(1.14), 8.6(1.5). The six vulnerabilities are independent of each other, so a release earlier than these is not necessarily affected by all of them; see the vendor advisory below for which releases each one affects.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-asa
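As an added triage example (not code from SecurityTracker or Cisco), the script below reads pasted `show version` and `show running-config` text, compares the running release against the fixed releases listed above within its own train, and reports which of the affected features (DHCP server or relay, SSL VPN, SIP and DCERPC inspection under an applied service-policy) the configuration actually turns on. The ASA configuration syntax it matches on and the sample device text are assumptions made for the example; because the six bugs are independent, the vendor advisory's per-vulnerability affected-release information remains the authority.

```python
"""Exposure triage for the cisco-sa-20121010-asa bugs.  Added example, not
Cisco's or SecurityTracker's code.  Assumes the operator pastes `show version`
and `show running-config` text from the ASA; the sample inputs at the bottom
are constructed, not taken from a real device."""
import re

# Consolidated first-fixed releases from the SecurityTracker summary, one per train.
FIXED_RELEASES = ["7.2(5.8)", "8.0(5.28)", "8.1(2.56)", "8.2(5.33)",
                  "8.3(2.34)", "8.4(4.5)", "8.5(1.14)", "8.6(1.5)"]
_VER_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)$")

def parse_version(text):
    """'8.4(4.5)' -> (8, 4, 4, 5); '8.4(4)' -> (8, 4, 4, 0)."""
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised ASA release string: %r" % text)
    major, minor, maint, interim = m.groups()
    return (int(major), int(minor), int(maint), int(interim or 0))

def fix_status(running):
    """'fixed', 'unfixed' or 'unknown-train'.  Releases compare only within a
    train (same major.minor); 'unfixed' means older than that train's fix, not
    that all six CVEs apply (the advisory says the bugs are independent)."""
    run = parse_version(running)
    for fixed in FIXED_RELEASES:
        fx = parse_version(fixed)
        if fx[:2] == run[:2]:
            return "fixed" if run >= fx else "unfixed"
    return "unknown-train"

def running_release(show_version):
    """Release from `show version` ('... Software Version 8.4(4)')."""
    m = re.search(r"Software Version (\S+)", show_version)
    if not m:
        raise ValueError("no 'Software Version' line in show version output")
    return m.group(1)

def parse_sections(config):
    """Split a running-config into (top-level command, [indented children])."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith(("!", ":")):
            continue
        if raw[0] in " \t" and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections

def exposed_features(config):
    """Vulnerable features the config turns on.  Assumed ASA syntax:
    'dhcpd enable <if>' / 'dhcprelay enable <if>' (DHCP server or relay; the
    summary says DHCP to or through the device triggers CVE-2012-4643, so
    relay is flagged too), 'enable <if>' under 'webvpn' (SSL VPN,
    CVE-2012-4659), 'inspect sip' / 'inspect dcerpc' in a policy-map that a
    'service-policy' line applies (CVE-2012-4660..4663); an inspect line in a
    policy-map that is never applied does not count."""
    found, inspections, applied = set(), {}, set()
    for head, children in parse_sections(config):
        tok = head.split()
        if tok[:2] in (["dhcpd", "enable"], ["dhcprelay", "enable"]):
            found.add("dhcp")
        elif head == "webvpn" and any(c.startswith("enable ") for c in children):
            found.add("ssl-vpn")
        elif tok[0] == "policy-map" and len(tok) > 1 and tok[1] != "type":
            inspections[tok[1]] = {c.split()[1] for c in children
                                   if c.startswith("inspect ")}
        elif tok[0] == "service-policy" and len(tok) > 1:
            applied.add(tok[1])
    for name in applied & set(inspections):
        for proto in ("sip", "dcerpc"):
            if proto in inspections[name]:
                found.add(proto + "-inspection")
    return found

def triage(show_version, config):
    release = running_release(show_version)
    return {"release": release, "fix_status": fix_status(release),
            "exposed": sorted(exposed_features(config))}

# Constructed sample input, not taken from a real device.
SAMPLE_SHOW_VERSION = "Cisco Adaptive Security Appliance Software Version 8.4(4)\n"
SAMPLE_CONFIG = """\
: Saved
dhcpd enable inside
webvpn
 enable outside
policy-map global_policy
 class inspection_default
  inspect sip
  inspect dcerpc
policy-map unused_policy
 class inspection_default
  inspect h323 h225
service-policy global_policy global
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_SHOW_VERSION, SAMPLE_CONFIG).items():
        print("%-11s %s" % (key + ":", value))
```

The sample device runs 8.4(4), which sorts below the 8.4(4.5) fix for its train, and has all four exposure points enabled; a policy-map that carries an inspect line but is never referenced by a service-policy is deliberately ignored, since inspection engines only process traffic when the policy is applied.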

Vendor URL: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-asa
Cause:   Access control error, Boundary error, State error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Wed, 10 Oct 2012 12:10:54 -0400
Subject:  Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security
Appliances and Cisco Catalyst 6500 Series ASA Services Module

Advisory ID: cisco-sa-20121010-asa

Revision 1.0

For Public Release 2012 October 10 16:00  UTC (GMT)
- ----------------------------------------------------------------------

Summary
=======

Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco
Catalyst 6500 Series ASA Services Module (ASASM) may be affected by
the following vulnerabilities:

DHCP Memory Allocation Denial of Service Vulnerability
SSL VPN Authentication Denial of Service Vulnerability
SIP Inspection Media Update Denial of Service Vulnerability
DCERPC Inspection Buffer Overflow Vulnerability
Two DCERPC Inspection Denial Of Service Vulnerabilities

These vulnerabilities are independent of each other; a release that is
affected by one of the vulnerabilities may not be affected by the
others.

Successful exploitation of any of these vulnerabilities could allow an
unauthenticated remote attacker to trigger a reload of the affected
device. Exploitation of the DCERPC Inspection Buffer Overflow
Vulnerability could additionally cause a stack overflow and possibly
the execution of arbitrary commands.

Cisco has released free software updates that address these
vulnerabilities. Workarounds are available for some of these
vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-asa

Note: The Cisco Firewall Services Module for Cisco Catalyst 6500 and
Cisco 7600 Series (FWSM) may be affected by some of the
vulnerabilities listed above. A separate Cisco Security Advisory has
been published to disclose the vulnerabilities that affect the Cisco
FWSM. This advisory is available at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-fwsm

The Cisco ASA 1000V Cloud Firewall and Cisco ASA-CX Context-Aware
Security are not affected by any of these vulnerabilities.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlB1jRsACgkQUddfH3/BbTo1RwD+NHNKsAkrc/dZ+XAhDtqAyVIY
xaVp6BpwmKAnBbDtwVQA/jXPlWJbmNmSOiHTAI30KkXahf9Bi9+bIvnQyeUI6aUM
=Ncu5
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com
 
 


Copyright 2014, SecurityGlobal.net LLC