U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability

June 22, 2012 - 7:00am

PROBLEM:

A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service).

PLATFORM:

Cisco Adaptive Security Appliance (ASA) 8.x
Cisco ASA 5500 Series Adaptive Security Appliances

ABSTRACT:

The vulnerability is caused by an unspecified error in the handling of IPv6 transit traffic and can be exploited to cause a reload of the affected device.

REFERENCE LINKS:

Vendor Advisory
Secunia ID 49647
CVE-2012-3058

IMPACT ASSESSMENT:

High

Discussion:

Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause a reload of the affected device.

Successful exploitation requires the device to be configured in transparent firewall mode with system logging enabled for message ID 110003.

Note: This vulnerability can only be triggered by IPv6 transit traffic, and affects both Cisco ASA and Cisco ASASM when configured in transparent firewall mode (either single or multiple context mode).
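
The following is an added example, not part of the original bulletin or the vendor advisory: a Python check that reads saved running configurations and reports which devices meet both configuration preconditions described above. It assumes the ASA running-config line forms `firewall transparent`, `logging enable` and `no logging message 110003`; it does not evaluate logging severity levels or whether IPv6 traffic actually transits the device.

```python
MSG_ID = "110003"  # syslog message ID named in the bulletin


def check_preconditions(running_config):
    """Return which configuration preconditions from the bulletin are present.

    Assumed line forms: 'firewall transparent', 'logging enable' and
    'no logging message <id>'. Severity levels are not evaluated.
    """
    # Exact-line matching so that 'no logging enable' is not read as 'logging enable'.
    lines = {ln.strip() for ln in running_config.splitlines()}
    transparent = "firewall transparent" in lines
    logging_enabled = "logging enable" in lines
    message_suppressed = f"no logging message {MSG_ID}" in lines
    message_logged = logging_enabled and not message_suppressed
    return {
        "transparent_mode": transparent,
        "message_110003_logged": message_logged,
        "preconditions_met": transparent and message_logged,
    }


# Constructed sample configurations (not taken from any real device).
SAMPLES = {
    # Transparent mode, logging on, message not suppressed.
    "fw-a": "hostname fw-a\nfirewall transparent\nlogging enable\nlogging buffered informational\n",
    # Routed mode (no 'firewall transparent' line).
    "fw-b": "hostname fw-b\nlogging enable\nlogging trap informational\n",
    # Transparent mode, but message 110003 is suppressed.
    "fw-c": "hostname fw-c\nfirewall transparent\nlogging enable\nno logging message 110003\n",
    # Transparent mode, system logging not enabled.
    "fw-d": "hostname fw-d\nfirewall transparent\nno logging enable\n",
}


def audit(samples):
    """Return the sorted names of devices whose config meets both preconditions."""
    return sorted(
        name for name, cfg in samples.items()
        if check_preconditions(cfg)["preconditions_met"]
    )


if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, check_preconditions(cfg))
    print("Meets both preconditions:", audit(SAMPLES))
```
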

Impact:

Remote DoS

Solution:

The vendor has issued a fix that is available through Cisco Support.