Vulnerability announcement CVE-2012-3058
Cisco ASA, Catalyst ASASM: denial of service via IPv6
Summary of the vulnerability
In a specific configuration of Cisco ASA and Catalyst ASASM, an attacker can send a malicious IPv6 packet to force the system to restart.
Impacted products: ASA, Cisco Catalyst.
Severity: 2/4.
Creation date: 20/06/2012.
Identifiers: BID-54106, CERTA-2012-AVI-347, cisco-sa-20120620-asaipv6, CSCua27134, CVE-2012-3058, VIGILANCE-VUL-11727.
Description of the vulnerability
A vulnerability impacts the following products:
- Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA)
- Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM)
This vulnerability impacts the following configuration:
- the firewall is in transparent mode, and
- IPv6 is enabled, and
- the message ID 110003 (cannot find the Next Hop) is logged.
In this configuration, an attacker can send an IPv6 packet that triggers an error while message 110003 is being logged. This error causes the system to reload.
In a specific configuration of Cisco ASA and Catalyst ASASM, an attacker can therefore send a malicious IPv6 packet to force the system to restart.
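A defender-side check for the three conditions listed above, as an added example that is not part of the original bulletin: it scans a saved ASA running-config for transparent mode, enabled IPv6, and whether message 110003 can still be logged. The sample configs are constructed; treating `logging enable` without `no logging message 110003` as "logged" is a simplifying assumption (per-destination severity levels are not evaluated), and `no logging message 110003` is standard ASA syntax for suppressing a message, not a remediation quoted from this bulletin.

```python
import re

# Constructed sample running-config excerpts (not captured from a real device).
EXPOSED_CONFIG = """\
firewall transparent
hostname edge-fw
interface GigabitEthernet0/0
 nameif outside
 bridge-group 1
 ipv6 enable
logging enable
logging trap informational
"""
# Same device with message 110003 suppressed.
MITIGATED_CONFIG = EXPOSED_CONFIG + "no logging message 110003\n"
# Routed-mode device: the 'firewall transparent' line is absent.
ROUTED_CONFIG = EXPOSED_CONFIG.replace("firewall transparent\n", "")


def audit_asa_config(text):
    """Evaluate the bulletin's three conditions against a saved running-config."""
    lines = [ln.strip() for ln in text.splitlines()]
    # Condition 1: the firewall is in transparent mode.
    transparent = "firewall transparent" in lines
    # Condition 2: IPv6 is enabled. Anchoring at line start keeps
    # 'no ipv6 enable' and 'ipv6 access-list ...' from counting.
    ipv6 = any(re.match(r"ipv6 (enable|address)\b", ln) for ln in lines)
    # Condition 3 (assumption): logging is on and 110003 is not suppressed.
    # Severity thresholds are ignored, so this errs towards reporting exposure.
    logging_on = "logging enable" in lines
    suppressed = any(re.match(r"no logging message 110003\b", ln) for ln in lines)
    msg_logged = logging_on and not suppressed
    return {
        "transparent_mode": transparent,
        "ipv6_enabled": ipv6,
        "message_110003_logged": msg_logged,
        "all_conditions_met": transparent and ipv6 and msg_logged,
    }


if __name__ == "__main__":
    samples = {"exposed": EXPOSED_CONFIG, "mitigated": MITIGATED_CONFIG,
               "routed": ROUTED_CONFIG}
    for name, cfg in samples.items():
        print(name, audit_asa_config(cfg))
```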