vulnerability announce CVE-2012-3058
Cisco ASA, Catalyst ASASM: denial of service via IPv6
Synthesis of the vulnerability
In a special configuration of Cisco ASA and Catalyst ASASM, an attacker can send a malicious IPv6 packet, in order to restart the system.Impacted products:
ASA, Cisco Catalyst.
BID-54106, CERTA-2012-AVI-347, cisco-sa-20120620-asaipv6, CSCua27134, CVE-2012-3058, VIGILANCE-VUL-11727.
Description of the vulnerability
A vulnerability impacts the following products:
- Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA)
- Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM)
This vulnerability impacts the following configuration:
- the firewall is in transparent mode, and
- IPv6 is enabled, and
- the message ID 110003 (cannot find the Next Hop) is logged.
Indeed, in this case, an attacker can send an IPv6 packet generating an error when logging the message 110003. This error reloads the system.
In a special configuration of Cisco ASA and Catalyst ASASM, an attacker can therefore send a malicious IPv6 packet, in order to restart the system.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides software vulnerabilities announces
. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities.