Cisco ASA Multiple Vulnerabilities

Last Update Date: 4 Jun 2012 Release Date: 15 Mar 2012 5265 Views

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system or cause denial of service conditions.

A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause the target device to reload.

Impact

Denial of Service
Remote Code Execution

System / Technologies affected

Cisco ASA 5500 Series; 7.1, 7.2, 8.0, 8.1, 8.2, 8.3, 8.4, 8.6

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

The vendor has issued a fix (7.2(5.7), 8.2(5.26), 8.4(3.8), 8.5(1.7), 8.6(1.1)).
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asaclient
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa

Vulnerability Identifier

Source

SecurityTracker

Related Link

Share with

IBM AIX `TCP large send offload´ Denial of Service Vulnerability

7 Feb 2012 5749 Views

Cisco Firewall Services Module Protocol Independent Multicast (PIM) Denial of Service Vulnerability

15 Mar 2012 5434 Views