The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco ASA

computer weakness note CVE-2013-0149

OSPF: corrupting the routing database

Synthesis of the vulnerability

An attacker can spoof OSPF messages, in order to corrupt the routing database.
Severity: 3/4.
Creation date: 02/08/2013.
Revisions dates: 01/08/2014, 14/02/2017.
Identifiers: BID-61566, c03880910, CERTA-2013-AVI-458, CERTA-2013-AVI-487, CERTA-2013-AVI-508, cisco-sa-20130801-lsaospf, CQ95773, CSCug34469, CSCug34485, CSCug39762, CSCug39795, CSCug63304, CVE-2013-0149, HPSBHF02912, JSA10575, JSA10580, JSA10582, PR 878639, PR 895456, sk94490, SUSE-SU-2014:0879-1, VIGILANCE-VUL-13192, VU#229804.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The RFC 2328 defines the OSPF protocol (Open Shortest Path First) which established IP routes, using LSA (Link State Advertisement) messages.

The LSA Type 1 Update (LSU, Link-State Update) message is used to update the routing database. However, the RFC does not request to check the "Link State ID" and "Advertising Router" fields of LSU messages. Several implementations (Cisco, Juniper, etc.) therefore do not perform this check.

An attacker can thus spoof a LSU message if he knows:
 - the IP address of the target router
 - LSA DB sequence numbers
 - the router ID of the OSPF Designated Router

An attacker can therefore spoof OSPF messages, in order to corrupt the routing database.
Full Vigil@nce bulletin... (Free trial)

computer threat alert CVE-2016-9225

Cisco ASA: denial of service via IP fragmentation

Synthesis of the vulnerability

An attacker can send a specially fragmented packet to be processed by the CX module of Cisco ASA, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 26/01/2017.
Identifiers: cisco-sa-20170125-cas, CVE-2016-9225, VIGILANCE-VUL-21689.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco ASA product includes a module named "CX" that processes routed IP packets.

However, when a specially fragmented packets is received, the CX module freezes.

An attacker can therefore send a specially fragmented packet to be processed by the CX module of Cisco ASA, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security bulletin CVE-2016-9209

Cisco ASA: privilege escalation via FirePOWER Malware Protection

Synthesis of the vulnerability

An attacker can bypass restrictions via FirePOWER Malware Protection of Cisco ASA, in order to escalate his privileges.
Severity: 2/4.
Creation date: 14/12/2016.
Identifiers: cisco-sa-20161207-fpwr, CSCvb20102, CVE-2016-9209, VIGILANCE-VUL-21379.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via FirePOWER Malware Protection of Cisco ASA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer weakness CVE-2016-7053 CVE-2016-7054 CVE-2016-7055

OpenSSL 1.1: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 1.1.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 10/11/2016.
Revision date: 13/12/2016.
Identifiers: 2004036, 2004940, 2011567, 492284, 492616, bulletinapr2017, CERTFR-2018-AVI-343, cisco-sa-20161114-openssl, cpuapr2019, cpujan2018, cpujul2017, CVE-2016-7053, CVE-2016-7054, CVE-2016-7055, ESA-2016-148, ESA-2016-149, FG-IR-17-019, JSA10775, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2018:0458-1, SA40423, VIGILANCE-VUL-21093.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 1.1.

An attacker can generate a buffer overflow via ChaCha20/Poly1305, in order to trigger a denial of service. [severity:2/4; CVE-2016-7054]

An attacker can force a NULL pointer to be dereferenced via CMS Structures, in order to trigger a denial of service. [severity:2/4; CVE-2016-7053]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial)

security announce CVE-2016-6461

Cisco ASA: privilege escalation via XML Commands

Synthesis of the vulnerability

An attacker can bypass restrictions via XML Commands of Cisco ASA, in order to escalate his privileges.
Severity: 2/4.
Creation date: 17/11/2016.
Identifiers: cisco-sa-20161116-asa, CSCva38556, CVE-2016-6461, VIGILANCE-VUL-21149.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via XML Commands of Cisco ASA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce 21138

ICMP: denial of service via ICMP Type 3 Code 3, BlackNurse

Synthesis of the vulnerability

An attacker can send numerous ICMP Type 3 Code 3 packets to some routers/firewalls, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 16/11/2016.
Identifiers: Black Nurse, sk114500, VIGILANCE-VUL-21138.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The ICMP protocol uses packets of Type 3 Code 3 to announce that a port is unreachable. This packet is usually sent as a reply to the sender of a packet sent to a closed TCP/UDP port.

However, when numerous ICMP Type 3 Code 3 packets are received, some devices uselessly consume many resources to process them.

An attacker can therefore send numerous ICMP Type 3 Code 3 packets to some routers/firewalls, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2016-6431

Cisco ASA: denial of service via HTTPS

Synthesis of the vulnerability

An attacker can send malicious HTTPS packets to Cisco ASA, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 20/10/2016.
Identifiers: CERTFR-2016-AVI-354, cisco-sa-20161019-asa-ca, CSCuz47295, CVE-2016-6431, VIGILANCE-VUL-20925.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco ASA product has a Local Certificate Authority service.

However, when malicious HTTPS packets are received, a fatal error occurs.

An attacker can therefore send malicious HTTPS packets to Cisco ASA, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security weakness CVE-2016-6432

Cisco ASA: buffer overflow via Identity Firewall

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Identity Firewall of Cisco ASA, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 20/10/2016.
Identifiers: CERTFR-2016-AVI-354, cisco-sa-20161019-asa-idfw, CSCvb19843, CVE-2016-6432, VIGILANCE-VUL-20924.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco ASA product offers a Identity Firewall service.

However, if the size of NetBIOS data is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow via Identity Firewall of Cisco ASA, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

security note CVE-2016-6424

Cisco ASA: denial of service via DHCP Relay

Synthesis of the vulnerability

An attacker can generate a fatal error via DHCP Relay of Cisco ASA, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 06/10/2016.
Identifiers: CERTFR-2016-AVI-331, cisco-sa-20161005-asa-dhcp, CSCuy66942, CVE-2016-6424, VIGILANCE-VUL-20778.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via DHCP Relay of Cisco ASA, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2016-7052

OpenSSL 1.0.2i: NULL pointer dereference via CRL

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via a CRL on an application linked to OpenSSL 1.0.2i, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 26/09/2016.
Identifiers: 1996096, 2000095, 2000209, 2003480, 2003620, 2003673, 2008828, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-7052, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FreeBSD-SA-16:27.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2496-1, openSUSE-SU-2018:0458-1, SA132, SB10171, SP-CAAAPUE, SPL-129207, SSA:2016-270-01, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, VIGILANCE-VUL-20701.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL version 1.0.2i product fixed a bug in CRL management.

However, this fix does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced via a CRL on an application linked to OpenSSL 1.0.2i, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco ASA: