Cisco PIX and ASA Appliance 'TTL Decrement' Denial of Service Vulnerability

Multiple Cisco security appliances are prone to a denial-of-service vulnerability when the Time-To-Live (TTL) decrement feature is enabled for handling IP packets.

An attacker can exploit this issue to cause the affected devices to reload, denying service to legitimate users. Repeat attacks will result in a prolonged denial-of-service condition.

The following devices are affected:

Cisco PIX 500 Series Security Appliance
Cisco 5500 Series Adaptive Security Appliance (ASA)

Devices running software versions from 7.2(2) up to 7.2(3)006 or 8.0(3) that have the TTL decrement feature enabled are vulnerable to this issue.

NOTE: The TTL decrement feature is not configured by default on the devices listed above. Devices that do not support the TTL decrement feature are not vulnerable.
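Because exposure depends on both the software version and whether the feature is actually configured, an inventory check should test for both. The following script is an added example and is not part of the SecurityFocus advisory or of Cisco's tooling: it parses Cisco-style version strings, applies the version ranges stated above (read as two trains, 7.2(2) through 7.2(3)006 and the 8.0 train through 8.0(3), bounds inclusive), and looks for the feature in a saved running-config. The policy-map keyword `set connection decrement-ttl` is assumed from ASA documentation, not taken from this page; the sample config is constructed.

```python
import re

# Cisco PIX/ASA version strings look like "7.2(2)", "7.2(3)6" or "8.0(3)":
# major.minor(maintenance)interim. The interim build is optional and may be
# zero-padded, so "7.2(3)006" compares equal to "7.2(3)6".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(\d+)?$")

def parse_version(text):
    """Return (major, minor, maintenance, interim) as a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised Cisco version string: %r" % text)
    major, minor, maint, interim = m.groups()
    return (int(major), int(minor), int(maint), int(interim or 0))

# Affected ranges as stated in the advisory, bounds treated as inclusive.
# The lower bound of the 8.0 train is an assumption (start of the train).
AFFECTED_RANGES = (
    (parse_version("7.2(2)"), parse_version("7.2(3)006")),
    ((8, 0, 0, 0), parse_version("8.0(3)")),
)

def version_is_affected(version_text):
    v = parse_version(version_text)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)

# The feature is enabled per class inside a policy-map. This keyword is
# assumed from ASA documentation; the advisory itself does not name it.
_DECREMENT_TTL_RE = re.compile(r"^\s*set connection decrement-ttl\s*$", re.M)

def ttl_decrement_enabled(running_config):
    return bool(_DECREMENT_TTL_RE.search(running_config))

def assess(version_text, running_config):
    """Return one of 'exposed', 'feature-disabled' or 'version-not-affected'."""
    if not version_is_affected(version_text):
        return "version-not-affected"
    if not ttl_decrement_enabled(running_config):
        return "feature-disabled"
    return "exposed"

# Constructed sample of a running-config with the feature turned on.
SAMPLE_CONFIG = """\
hostname asa-edge
policy-map global_policy
 class inspection_default
  inspect dns
 class class-default
  set connection decrement-ttl
service-policy global_policy global
"""

if __name__ == "__main__":
    print(assess("7.2(3)2", SAMPLE_CONFIG))
```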


Copyright 2010, SecurityFocus