Cisco ASA Security Advisory


Warning: Use of undefined constant url - assumed 'url' (this will throw an Error in a future version of PHP) in /nfs/c01/h06/mnt/303/domains/robinsonassc.com/html/blg/wp-content/themes/reach/format-standard.php on line 17

Warning: Use of undefined constant width - assumed 'width' (this will throw an Error in a future version of PHP) in /nfs/c01/h06/mnt/303/domains/robinsonassc.com/html/blg/wp-content/themes/reach/format-standard.php on line 17

Warning: Use of undefined constant height - assumed 'height' (this will throw an Error in a future version of PHP) in /nfs/c01/h06/mnt/303/domains/robinsonassc.com/html/blg/wp-content/themes/reach/format-standard.php on line 17

Cisco has released a security advisory for a vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.

Affected Products

Affected Cisco ASA Software running on the following products may be affected by this vulnerability:

  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Cisco ASA 1000V Cloud Firewall
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco Firepower 9300 ASA Security Module
  • Cisco ISA 3000 Industrial Security Appliance
Cisco ASA Major Release First Fixed Release
7.21 Affected; migrate to 9.1(6.11) or later
8.01 Affected; migrate to 9.1(6.11) or later
8.11 Affected; migrate to 9.1(6.11) or later
8.21 8.2(5.59)2
8.31 Affected; migrate to 9.1(6.11) or later
8.4 8.4(7.30) or later
8.51 Not affected
8.61 Affected; migrate to 9.1(6.11) or later
8.7 8.7(1.18) or later
9.0 9.0(4.38) or later
9.1 9.1(6.11) or later
9.2 9.2(4.5) or later
9.3 9.3(3.7) or later
9.4 9.4(2.4) or later
9.5 9.5(2.2) or later

1Cisco ASA Software releases 7.2, 8.0, 8.1, 8.2, 8.3, 8.5, and 8.6 have reached End of Software Maintenance. Customers should migrate to a supported release.
2Cisco ASA Software release 8.2 reached End of Software Maintenance on October 21, 2015. To protect our customers still using the End of Support train 8.2 software, the Cisco ASA product team has made available an off-cycle release to address this issue. As Cisco has no plans for additional off-cycle updates to train 8.2, we recommend customers work with their relevant support organization to migrate to supported software.

For More Information Visit: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

0 Comments

Be the first to post a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.