CERT-MU AD-2008-16
Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
Original issue date: 9 September, 2008
Overview
Multiple vulnerabilities have been reported in Cisco ASA and PIX, which could be exploited by attackers or malicious users to gain knowledge of sensitive information or cause a denial of service.
Description
Cisco PIX is a dedicated hardware firewall appliance. Cisco ASA is a firewall and anti-malware security appliance from Cisco Systems. The ASA (Adopted Security Algorithm) can take the place of three separate devices: a Cisco PIX firewall, a Cisco VPN Concentrator, and a Cisco IPS.
1. Erroneous SIP Processing Vulnerabilities
The vulnerability exists in systems that are configured for SIP inspection. SIP inspection is enabled with the inspect sip command. In this configuration, multiple processing errors exist in the appliances because SIP packets are not properly handled. An attacker could exploit the vulnerability via crafted SIP packets to trigger memory corruption and cause the device to reload, resulting in a DoS condition.
2. IPsec Client Authentication Processing Denial of Service Vulnerability
The vulnerability exists only in systems that have been configured as termination points for VPN connections. A remote attacker could exploit this vulnerability to cause the affected system to reload, which may result in a denial of service condition.
3. Clientless SSL VPN Denial of Service Vulnerability
Cisco ASA software contains a vulnerability that could allow an unauthenticated, remote attacker to crash an affected device.
The vulnerability is due to an error in the software when the device is configured to terminate clientless VPN connections. An attacker could exploit this vulnerability to cause the device to reload, resulting in a temporary denial of service (DoS) condition.
4. Clientless HTTP VPN Denial of Service Vulnerability
Cisco ASA software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a crash of the affected device, resulting in a denial of service (DoS) condition.
The vulnerability exists due to an error in the clientless HTTP VPN mode. An unauthenticated, remote attacker could exploit this vulnerability by sending an HTTP packet to the affected device. An exploit could cause the device to reload, causing a DoS condition. Repeated attacks may cause a vulnerable device to become unavailable.
5. Clientless VPN Information Disclosure Vulnerability
Cisco PIX and ASA software contains a vulnerability that could allow an unauthenticated, remote attacker to gain access to sensitive information.
The vulnerability is due to an error when handling clientless VPN connections. An attacker could exploit the vulnerability by convincing a user to visit a malicious web page, open a malicious e-mail message, or interact with a malicious service. If successful, the attacker could gain access to sensitive information such as user or group authentication credentials.
Affected systems
• Cisco PIX or ASA software versions prior to 7.0(7)16, 7.1(2)71, 7.2(4)7, 8.0(3)20, or 8.1(1)8 - erroneous SIP processing vulnerability.
• Cisco PIX and ASA software versions prior to 7.2(4)2, prior to 8.0(3)14, or prior to 8.1(1)4 - IPsec Client Authentication Processing Denial of Service Vulnerability and Clientless SSL VPN Denial of Service Vulnerability.
• Cisco ASA software versions prior to 8.0(3)15 or prior to 8.1(1)5 - Clientless HTTP VPN Denial of Service Vulnerability.
• Cisco ASA software versions 8.0(3)15 and 8.0(3)16 and versions 8.1(1)4 and 8.1(4)5 - Clientless VPN Information Disclosure Vulnerability.
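As an added example (not part of the CERT-MU or Cisco advisory), the following Python code checks a running software version against the list above. It assumes a version is compared only against the bound for its own release train (for example 8.0), that a missing interim number counts as 0, and that the last two items are ASA-only as the list states; the function and variable names are hypothetical.

```python
import re

# "Prior to" bounds copied from the Affected systems list, keyed by release train.
FIXED_IN = {
    "Erroneous SIP processing": {
        "7.0": "7.0(7)16", "7.1": "7.1(2)71", "7.2": "7.2(4)7",
        "8.0": "8.0(3)20", "8.1": "8.1(1)8"},
    "IPsec client authentication DoS": {
        "7.2": "7.2(4)2", "8.0": "8.0(3)14", "8.1": "8.1(1)4"},
    "Clientless SSL VPN DoS": {
        "7.2": "7.2(4)2", "8.0": "8.0(3)14", "8.1": "8.1(1)4"},
    "Clientless HTTP VPN DoS": {"8.0": "8.0(3)15", "8.1": "8.1(1)5"},
}
# The list names these as exact versions, not as an upper bound.
INFO_DISCLOSURE = {"8.0(3)15", "8.0(3)16", "8.1(1)4", "8.1(4)5"}
ASA_ONLY = {"Clientless HTTP VPN DoS"}  # list says "Cisco ASA software" only

_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(\d+)?$")

def parse(version):
    """Turn 'major.minor(maint)interim' into a comparable 4-tuple of ints."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def assess(version, platform="ASA"):
    """Map each issue to True (affected), False (not affected) or
    None (the list gives no bound for this release train)."""
    v = parse(version)
    train = f"{v[0]}.{v[1]}"
    result = {}
    for name, bounds in FIXED_IN.items():
        if name in ASA_ONLY and platform != "ASA":
            result[name] = False
        elif train in bounds:
            result[name] = v < parse(bounds[train])
        else:
            result[name] = None  # do not guess for unlisted trains
    result["Clientless VPN information disclosure"] = (
        platform == "ASA" and v in {parse(x) for x in INFO_DISCLOSURE})
    return result
```

A result of None means the list does not settle the question for that train, so the Cisco advisory should be consulted rather than treating the device as unaffected.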
Impact
Severity Rating: High
Solution
Apply the appropriate patches as described in the Cisco Security Advisory.
http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Vendor Information
Cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=16323
http://tools.cisco.com/security/center/viewAlert.x?alertId=16327
http://tools.cisco.com/security/center/viewAlert.x?alertId=16328
http://tools.cisco.com/security/center/viewAlert.x?alertId=16329
http://tools.cisco.com/security/center/viewAlert.x?alertId=16560
CVE-Name
CVE-2008-2732
CVE-2008-2733
CVE-2008-2734
CVE-2008-2735
CVE-2008-2736
References
FrSIRT
http://www.frsirt.com/english/advisories/2008/2492
Secunia
http://secunia.com/advisories/31730/