Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: 5 News Cisco Vulnerabilities for PIX and ASA - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
5 News Cisco Vulnerabilities for PIX and ASA

Cisco has released details on 5 vulnerabilities with their PIX and ASA product lines.  In short, the quick bullet list of vulnerabilities is:

  • Crafted TCP ACK Packet Vulnerability (Denial of Service)
  • Crafted TLS Packet Vulnerability (Denial of Service)
  • Instant Messenger Inspection Vulnerability (Denial of Service)
  • Vulnerability Scan Denial of Service (Denial of Service)
  • Control-plane Access Control List Vulnerability (Bypass ACL)

Updates are available to fix all of the above and there are no workarounds for the final four of these.  In short, update your devices.  Good news is that these were internal finds and it doesn't appear there is exploitation or "public" knowledge of the vulnerability details to create exploits.

John Bambenek / bambenek \at\ gmail |dot| com



248 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!