Executive Summary

Summary
Title Multiple Vulnerabilities in Cisco ASA Software
Informations
Name cisco-sa-20131009-asa First vendor Publication 2013-10-09
Vendor Cisco Last vendor Modification 2013-10-17
Severity (Vendor) N/A Revision 2.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities:

IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability SQL*Net Inspection Engine Denial of Service Vulnerability Digital Certificate Authentication Bypass Vulnerability Remote Access VPN Authentication Bypass Vulnerability Digital Certificate HTTP Authentication Bypass Vulnerability HTTP Deep Packet Inspection Denial of Service Vulnerability DNS Inspection Denial of Service Vulnerability AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability Clientless SSL VPN Denial of Service Vulnerability Crafted ICMP Packet Denial of Service Vulnerability

These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability, SQL*Net Inspection Engine Denial of Service Vulnerability, HTTP Deep Packet Inspection Denial of Service Vulnerability, DNS Inspection Denial of Service Vulnerability, and Clientless SSL VPN Denial of Service Vulnerability may result in a reload of an affected device, leading to a denial of service (DoS) condition.

Successful exploitation of the Digital Certificate Authentication Bypass Vulnerability, Remote Access VPN Authentication Bypass Vulnerability, and Digital Certificate HTTP Authentication Bypass Vulnerability may result in an authentication bypass, which could allow the attacker access to the inside network via remote access VPN or management access to the affected system via the Cisco Adaptive Security Device Management (ASDM).

Successful exploitation of the AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability may exhaust available memory, which could result in general system instability and cause the affected system to become unresponsive and stop forwarding traffic.

Successful exploitation of the Crafted ICMP Packet Denial of Service Vulnerability may cause valid connections to drop that are passing through the affected system, or cause a reload of the system, leading to a denial of service (DoS) condition.

Cisco has released free software updates that address these vulnerabilities. Workarounds are available for some of the vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa

Note: The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers may be affected by the SQL*Net Inspection Engine Denial of Service Vulnerability. A separate Cisco Security Advisory has been published to disclose the vulnerabilities that affect the Cisco FWSM. This advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm

BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.20 (Darwin)

iF0EAREKAAYFAlJgBC8ACgkQUddfH3/BbToDOAD8D9ORwOL4lSRbCaSewo8YA65y FwQ4b5gDNLA3LkZPU48A+KqSpKNS9y6akZnHQMwOsaCFiQAI3Yd2cjEIoyhETjA= =BJqj END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
30 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20 % CWE-287 Improper Authentication
10 % CWE-399 Resource Management Errors
10 % CWE-362 Race Condition
10 % CWE-310 Cryptographic Issues
10 % CWE-264 Permissions, Privileges, and Access Controls
10 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 61
Os 117

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-10-17 IAVM : 2013-A-0192 - Multiple Vulnerabilities in Cisco ASA
Severity : Category I - VMSKEY : V0040780
2013-10-17 IAVM : 2013-A-0193 - Multiple Vulnerabilities in Cisco Firewall Services Module (FWSM)
Severity : Category I - VMSKEY : V0040790

Snort® IPS/IDS

Date Description
2014-11-16 Cisco ASA SQLNet inspection engine denial of service attempt
RuleID : 31667 - Revision : 3 - Type : SERVER-OTHER
2014-11-16 Cisco ASA SQLNet inspection engine denial of service attempt
RuleID : 31666 - Revision : 3 - Type : SERVER-OTHER
2014-11-16 Cisco ASA SQLNet inspection engine denial of service attempt
RuleID : 31665 - Revision : 3 - Type : SERVER-OTHER
2014-11-16 Cisco ASA SQLNet inspection engine denial of service attempt
RuleID : 31664 - Revision : 3 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2013-10-18 Name : The remote device is missing a vendor-supplied security update.
File : cisco-sa-20131009-fwsm.nasl - Type : ACT_GATHER_INFO
2013-10-17 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20131009-asa.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2016-07-21 12:09:08
  • Multiple Updates
2014-11-16 21:24:14
  • Multiple Updates
2014-02-17 10:22:12
  • Multiple Updates
2013-11-11 12:37:34
  • Multiple Updates
2013-10-17 21:20:40
  • Multiple Updates
2013-10-15 21:26:01
  • Multiple Updates
2013-10-09 21:24:22
  • Multiple Updates
2013-10-09 21:19:51
  • First insertion