Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: InfoSec Handlers Diary Blog - 5 News Cisco Vulnerabilities for PIX and ASA InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

5 News Cisco Vulnerabilities for PIX and ASA

Published: 2008-06-04
Last Updated: 2008-06-04 20:04:45 UTC
by John Bambenek (Version: 1)
0 comment(s)

Cisco has released details on 5 vulnerabilities with their PIX and ASA product lines.  In short, the quick bullet list of vulnerabilities is:

  • Crafted TCP ACK Packet Vulnerability (Denial of Service)
  • Crafted TLS Packet Vulnerability (Denial of Service)
  • Instant Messenger Inspection Vulnerability (Denial of Service)
  • Vulnerability Scan Denial of Service (Denial of Service)
  • Control-plane Access Control List Vulnerability (Bypass ACL)

Updates are available to fix all of the above and there are no workarounds for the final four of these.  In short, update your devices.  Good news is that these were internal finds and it doesn't appear there is exploitation or "public" knowledge of the vulnerability details to create exploits.

--
John Bambenek / bambenek \at\ gmail |dot| com

 

Keywords:
0 comment(s)
Diary Archives