Back to list
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
Apr 09 2014 04:05PM
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Multiple Vulnerabilities in Cisco ASA Software
Advisory ID: cisco-sa-20140409-asa
For Public Release 2014 April 9 16:00 UTC (GMT)
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities:
Cisco ASA ASDM Privilege Escalation Vulnerability
Cisco ASA SSL VPN Privilege Escalation Vulnerability
Cisco ASA SSL VPN Authentication Bypass Vulnerability
Cisco ASA SIP Denial of Service Vulnerability
These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others.
Successful exploitation of the Cisco ASA ASDM Privilege Escalation Vulnerability and the Cisco ASA SSL VPN Privilege Escalation Vulnerability may allow an attacker or an unprivileged user to elevate privileges and gain administrative access to the affected system.
Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass Vulnerability may allow an attacker to obtain unauthorized access to the internal network via SSL VPN.
Successful exploitation of the Cisco ASA SIP Denial of Service Vulnerability may cause the exhaustion of available memory. This may cause system instability and in some cases lead to a reload of the affected system, creating a denial of service (DoS) condition.
Cisco has released free software updates that address these vulnerabilities.
Workarounds that mitigate these vulnerabilities are available for some of the vulnerabilities.
This advisory is available at the following link:
Note: This security advisory does not provide information about the OpenSSL TLS Heartbeat Read Overrun Vulnerability identified by CVE-2014-0160 (also known as Heartbleed). For additional information regarding Cisco products affected by this vulnerability, refer to the Cisco Security Advisory available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----
[ reply ]
Copyright 2010, SecurityFocus