Vulnerability Management

Cisco addresses numerous vulnerabilities in ASA software

Cisco has issued updates to address numerous vulnerabilities discovered in its Adaptive Security Appliance (ASA) software.

The Cisco ASA software is the operating system used by Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco ASA 1000V Cloud Firewall, and Cisco Adaptive Security Virtual Appliance (ASAv), according to a Wednesday post.

The Cisco ASA software is impacted by numerous denial-of-service (DoS) vulnerabilities, including Cisco ASA SQL*NET Inspection Engine DoS vulnerability, Cisco ASA VPN DoS vulnerability, Cisco ASA IKEv2 DoS vulnerability, Cisco ASA Health and Performance Monitor DoS vulnerability, Cisco ASA GPRS Tunneling Protocol Inspection Engine DoS vulnerability, Cisco ASA SunRPC Inspection Engine DoS vulnerability, and Cisco ASA DNS Inspection Engine DoS vulnerability.

If exploited successfully, any one of the aforementioned vulnerabilities could result in a reload of an affected device, leading to a DoS condition, according to the post.

Exploiting a Cisco ASA VPN Failover Command Injection vulnerability, Cisco ASA VNMC Command Input Validation vulnerability, and Cisco ASA Local Path Inclusion vulnerability could result in a full compromise of the affected system.

Taking advantage of a Cisco ASA Clientless SSL VPN Information Disclosure and DoS vulnerability could result in disclosure of internal information or, in certain circumstances, a reload of the affected system.

The Cisco ASA Clientless SSL VPN Portal Customization Integrity vulnerability could be used to compromise the Clientless SSL VPN portal, consequently enabling cross-site scripting, stealing of credentials and redirects to malicious web pages, the post indicates.

The Cisco ASA Smart Call Home Digital Certificate Validation vulnerability could result in digital certificate validation bypass, “which, in some cases, could allow the attacker access to bypass digital certificate authentication and gain access inside the network via remote access VPN or management access to the affected system via the Cisco Adaptive Security Device Management (ASDM),” according to the post.

The Cisco Product Security Incident Response Team has not been made aware of any malicious use of the vulnerabilities.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.