October 24, 2014

Cisco Releases New Security Advisories

(LiveHacking.Com) – Cisco has released three new security advisories to address vulnerabilities in the following products:

  • Cisco ASA 5500 Series Adaptive Security Appliances (ASA)
  • Cisco Catalyst 6500 Series ASA Services Module (ASASM)
  • Cisco Catalyst 6500 Series Firewall Service Module (FWSM)
  • Cisco Adaptive Security Appliance Software 7.1 and 7.2
  • Cisco Adaptive Security Appliance Software 8.0, 8.1, 8.2, 8.3, 8.4, 8.6

The first advisory covers the Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and the Cisco Catalyst 6500 Series ASA Services Module (ASASM). The UDP inspection engine that Cisco ASA uses to inspect UDP-based protocols contains a vulnerability that could allow a remote, unauthenticated attacker to trigger a reload of the device. The vulnerability is due to improper flow handling by the inspection engine. An attacker could exploit it by sending a specially crafted sequence of UDP packets through the affected system; since the traffic only has to transit the appliance rather than be addressed to it, any host whose UDP traffic is inspected by the ASA is a potential source.

Next, the Cisco Catalyst 6500 Series Firewall Services Module (FWSM) contains a Protocol Independent Multicast (PIM) denial of service vulnerability. Because of improper handling of PIM messages, an affected device may reload while processing a PIM message when multicast routing is enabled. An attacker could exploit this vulnerability by sending a crafted PIM message to the affected system. Exposure therefore depends on multicast routing being enabled on the module, which is the first thing to check when assessing affected devices.
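As an added illustration that is not part of the original article or of the Cisco advisory, the following constructed FWSM/ASA configuration fragments show the global setting the PIM vulnerability depends on and how exposure can be reduced on interfaces that have no reason to exchange PIM messages. The interface name and addresses are made up; the per-interface `pim` command is the platform's documented way to control PIM on an interface, but treating it as a sufficient workaround for a given deployment is an assumption to be checked against the advisory's own workaround section.

```text
! Constructed example. Multicast routing enabled globally is the
! precondition named in the advisory; once it is on, every interface
! in the multicast domain participates in PIM by default.
multicast-routing
!
interface Vlan100
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
! Hardened variant (assumption, not from the advisory): if multicast
! routing is not needed at all, remove it entirely ...
no multicast-routing
!
! ... otherwise keep it but turn PIM off on interfaces that should
! never receive PIM messages, such as an Internet-facing interface.
interface Vlan100
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
 no pim
!
! Commands to confirm the resulting state:
!   show running-config multicast-routing
!   show pim interface
```

The `show pim interface` output lists which interfaces still participate in PIM, which is the population that remains reachable by a crafted PIM message until the fixed software is installed.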

Lastly, Cisco warns that the client-side ActiveX control used with Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) may be affected on any system that has ever connected to a device running the Cisco Clientless VPN solution. A remote, unauthenticated attacker who could convince a user to visit a malicious web page could exploit this issue to execute arbitrary code on the affected machine with the privileges of the web browser. Note that the vulnerable component resides on the client workstation and is reached through the browser, so the exposure does not depend on the user being connected to the VPN at the time of the attack.

Cisco has released free software updates that address these vulnerabilities. More details can be found in the advisories cisco-sa-20120314-asa, cisco-sa-20120314-fwsm, and cisco-sa-20120314-asaclient.