
U-125: Cisco ASA Multiple Bugs Let Remote Users Deny Service

March 15, 2012 - 7:00am


PROBLEM:

Cisco ASA Multiple Bugs Let Remote Users Deny Service

PLATFORM:

Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

ABSTRACT:

Four remotely triggerable denial-of-service vulnerabilities were reported in Cisco ASA software; each allows an unauthenticated remote attacker to reload the device.

REFERENCE LINKS:

SecurityTracker Alert ID: 1026800
Cisco Security Advisory ID: cisco-sa-20120314-asa

IMPACT ASSESSMENT:

High

Discussion:

A remote user can send specially crafted UDP data through the device to trigger a flaw in the UDP inspection engine and cause the target device to reload [CVE-2012-0353]. Cisco has assigned Cisco bug ID CSCtq10441 to this vulnerability (registered customers only).

The following UDP-based protocols may be affected:

* Domain Name System (DNS)
* Session Initiation Protocol (SIP)
* Simple Network Management Protocol (SNMP)
* GPRS Tunneling Protocol (GTP)
* H.323, H.225 RAS
* Media Gateway Control Protocol (MGCP)
* SunRPC
* Trivial File Transfer Protocol (TFTP)
* X Display Manager Control Protocol (XDMCP)
* IBM NetBios
* Instant Messaging (depending on the particular IM client/solution being used)

When the target device is configured with the Cisco ASA Scanning Threat Mode feature and with the shun option enabled, a remote user can cause the target device to reload [CVE-2012-0354]. Cisco has assigned Cisco bug ID CSCtw35765 to this vulnerability. (registered customers only).

If a remote user can create a condition that will cause syslog message ID 305006 to be generated, the remote user can cause the target device to reload [CVE-2012-0355].
Syslog message ID 305006 is generated when the device is unable to create a network address translation for a new connection. Cisco has assigned Cisco bug ID CSCts39634 to this vulnerability. (registered customers only).
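The 305006 condition above is visible in syslog before the fix is installed, which makes it worth watching for. As an added example (not from this bulletin or from Cisco), the following Python parses ASA-style syslog lines, keeps only message ID 305006, and reports any source address that produces a burst of failed translation attempts inside a sliding window. The log lines are constructed for illustration, and the exact body wording of 305006 on a given ASA release is an assumption of this example; adjust the regular expressions to the format your collector actually receives.

```python
import re
from collections import deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

# Constructed sample syslog export (not captured from a real device). The line
# layout assumes timestamped syslog output; real exports may order fields differently.
SAMPLE_LOG = """\
Mar 15 2012 07:00:01 asa-edge : %ASA-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.7/40211 (203.0.113.7/40211) to inside:10.0.0.5/80 (192.0.2.10/80)
Mar 15 2012 07:00:02 asa-edge : %ASA-3-305006: regular translation creation failed for udp src inside:10.0.0.9/51001 dst outside:198.51.100.20/53
Mar 15 2012 07:00:02 asa-edge : %ASA-3-305006: regular translation creation failed for udp src inside:10.0.0.9/51002 dst outside:198.51.100.20/53
Mar 15 2012 07:00:03 asa-edge : %ASA-3-305006: regular translation creation failed for udp src inside:10.0.0.9/51003 dst outside:198.51.100.20/53
Mar 15 2012 07:00:03 asa-edge : %ASA-3-305006: regular translation creation failed for tcp src inside:10.0.0.21/44000 dst outside:203.0.113.80/443
Mar 15 2012 07:00:04 asa-edge : %ASA-3-305006: regular translation creation failed for udp src inside:10.0.0.9/51004 dst outside:198.51.100.20/53
Mar 15 2012 07:00:59 asa-edge : %ASA-3-305006: regular translation creation failed for udp src inside:10.0.0.9/51005 dst outside:198.51.100.20/53
Mar 15 2012 07:01:10 asa-edge : %ASA-3-305006: regular translation creation failed for udp src inside:10.0.0.9/51006 dst outside:198.51.100.20/53
"""

# Generic ASA syslog envelope: timestamp, hostname, then %ASA-<severity>-<message id>.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) \S+ : "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$"
)
# Body layout of 305006 as constructed above (assumed wording).
XLATE_FAIL_RE = re.compile(
    r"translation creation failed for (?P<proto>\w+) "
    r"src (?P<src_if>[^\s:]+):(?P<src>[\d.]+)/\d+ "
    r"dst (?P<dst_if>[^\s:]+):(?P<dst>[\d.]+)/\d+"
)


def parse_305006(log: str) -> List[Dict[str, object]]:
    """Extract only message ID 305006 events (failed NAT translation creation)."""
    events: List[Dict[str, object]] = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("msgid") != "305006":
            continue
        body = XLATE_FAIL_RE.search(m.group("body"))
        if not body:
            continue  # unrecognised body layout: skip rather than guess at fields
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%b %d %Y %H:%M:%S"),
            "proto": body.group("proto"),
            "src": body.group("src"),
            "dst": body.group("dst"),
        })
    return events


def burst_sources(events: List[Dict[str, object]],
                  window_seconds: int = 60, threshold: int = 5) -> List[Tuple[str, int]]:
    """Sliding-window count of 305006 per source address.

    Returns (source, peak count) for every source whose count inside any
    window of window_seconds reaches threshold. One host repeatedly failing
    translation creation is the pattern to look at while the fix is pending.
    """
    window = timedelta(seconds=window_seconds)
    recent: Dict[str, Deque[datetime]] = {}
    peak: Dict[str, int] = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        src, ts = str(ev["src"]), ev["ts"]
        q = recent.setdefault(src, deque())
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        peak[src] = max(peak.get(src, 0), len(q))
    return sorted((src, n) for src, n in peak.items() if n >= threshold)


if __name__ == "__main__":
    events = parse_305006(SAMPLE_LOG)
    print(f"{len(events)} x 305006 events")
    for src, n in burst_sources(events):
        print(f"burst: {src} generated {n} translation failures within 60 s")
```

With the constructed sample, 10.0.0.9 reaches five failures inside one minute and is reported, while the single failure from 10.0.0.21 is ignored. The threshold is deliberately low for the sample; on a busy NAT boundary tune it against a baseline of normal 305006 volume, since translation failures also occur legitimately when a NAT pool is exhausted.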

A remote user can send a specially crafted Protocol Independent Multicast (PIM) message to cause the target device to reload [CVE-2012-0356]. Devices with multicast routing enabled are affected. Cisco has assigned Cisco bug ID CSCtr47517 to this vulnerability. (registered customers only).
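Each of the conditions in the discussion above can be read from the running configuration, which is the quickest way to see which of the four issues a given device is actually exposed to before the update is scheduled. As an added example (not the bulletin's or Cisco's code), this Python checks a running-config excerpt for those preconditions: UDP inspections that are both present in a policy-map and actually applied with service-policy (CVE-2012-0353), the scanning-threat shun option (CVE-2012-0354), multicast-routing (CVE-2012-0356), and, as a coarse indicator only for the 305006 issue (CVE-2012-0355), whether NAT is configured at all. The config excerpt is constructed, and the mapping from the protocol names listed above to ASA inspect keywords is this example's assumption.

```python
import re
from typing import Dict, List, Optional, Set

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
multicast-routing
threat-detection scanning-threat shun
object network inside-net
 nat (inside,outside) dynamic interface
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect sip
  inspect snmp
  inspect sunrpc
  inspect tftp
policy-map dmz_policy
 class inspection_default
  inspect mgcp
service-policy global_policy global
"""

# ASA "inspect" keywords for the UDP-based protocols named in the bulletin. The
# name-to-keyword mapping (e.g. "IBM NetBios" -> netbios, "Instant Messaging" -> im)
# is this example's assumption.
UDP_INSPECTIONS = {
    "dns", "sip", "snmp", "gtp", "h323 ras", "mgcp", "sunrpc",
    "tftp", "xdmcp", "netbios", "im",
}

POLICY_MAP_RE = re.compile(r"^policy-map (?!type )(\S+)\s*$")
SERVICE_POLICY_RE = re.compile(r"^service-policy (\S+) (?:global|interface \S+)\s*$")


def parse_policy_maps(config: str) -> Dict[str, List[str]]:
    """Map each Layer 3/4 policy-map name to the arguments of its inspect lines.
    Indented lines belong to the most recent unindented policy-map line; Layer 7
    'policy-map type inspect ...' maps are skipped on purpose."""
    policies: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for line in config.splitlines():
        if not line.startswith((" ", "\t")):
            m = POLICY_MAP_RE.match(line)
            current = m.group(1) if m else None
            if current is not None:
                policies.setdefault(current, [])
            continue
        text = line.strip()
        if current is not None and text.startswith("inspect "):
            policies[current].append(text[len("inspect "):])
    return policies


def applied_policy_maps(config: str) -> Set[str]:
    """Policy maps actually attached with service-policy (globally or per interface)."""
    return {m.group(1) for m in map(SERVICE_POLICY_RE.match, config.splitlines()) if m}


def udp_inspection_keyword(inspect_args: str) -> Optional[str]:
    """Normalise 'dns preset_dns_map' -> 'dns', 'h323 ras' -> 'h323 ras', 'ftp' -> None."""
    tokens = inspect_args.split()
    two_words = " ".join(tokens[:2])
    if len(tokens) >= 2 and two_words in UDP_INSPECTIONS:
        return two_words
    if tokens and tokens[0] in UDP_INSPECTIONS:
        return tokens[0]
    return None


def exposed_udp_inspections(config: str) -> List[str]:
    """UDP inspections that are both configured and applied (CVE-2012-0353 exposure)."""
    policies = parse_policy_maps(config)
    found: Set[str] = set()
    for name in applied_policy_maps(config):
        for args in policies.get(name, []):
            keyword = udp_inspection_keyword(args)
            if keyword:
                found.add(keyword)
    return sorted(found)


def assess(config: str) -> Dict[str, object]:
    """Per-CVE precondition check following the bulletin's discussion."""
    lines = [l.rstrip() for l in config.splitlines()]
    return {
        "CVE-2012-0353 applied UDP inspections": exposed_udp_inspections(config),
        "CVE-2012-0354 scanning-threat shun": any(
            re.match(r"^threat-detection scanning-threat shun\b", l) for l in lines),
        # Coarse indicator only: 305006 can only be generated if NAT is in use.
        "CVE-2012-0355 NAT configured": any(l.strip().startswith("nat ") for l in lines),
        "CVE-2012-0356 multicast-routing": "multicast-routing" in lines,
    }


if __name__ == "__main__":
    for check, result in assess(SAMPLE_CONFIG).items():
        print(f"{check}: {result}")
```

Note the distinction the check makes for CVE-2012-0353: mgcp inspection is configured in dmz_policy but that policy is never attached with service-policy, so it is not reported; only the inspections in the globally applied policy count. TCP-only inspections such as ftp and h323 h225 are ignored because the bulletin ties the flaw to the UDP inspection engine.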

Impact:

Successful exploitation of any of the vulnerabilities described in this security advisory may allow a remote, unauthenticated attacker to reload the affected system.

Solution:

Cisco has released free software updates that address the vulnerabilities described in this advisory. Prior to deploying software, customers are advised to consult their maintenance providers or check the software for feature set compatibility and known issues that are specific to their environments.

Customers with service contracts should obtain upgraded software through their regular update channels. For most customers, upgrades should be obtained through the Cisco Software Center.
