Main Menu

Mailing List

Name:

Email:

Archive

Archive

[SingCERT] Cisco ASA 5500 and FWSM SCCP Inspection Remote Denial of Service Vulnerability

Attention: open in a new window. PDFPrintE-mail

[ Summary ]

Cisco ASA 5500 and FWSM are prone to a denial-of-service vulnerability; fixes are available.

Cisco Firewall Services Module (FWSM) is an integrated firewall module for multiple Cisco devices. Cisco ASA 5500 Series Adaptive Security Appliances and FWSM for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers are prone to a vulnerability that may cause FWSM to reload after processing a malformed Skinny Client Control Protocol (SCCP) message. The vulnerability occurs when SCCP inspection is enabled. An attacker can exploit this issue to cause a denial-of-service condition.

This issue is being tracked by Cisco bug IDs CSCtg69457 and CSCtl84952.

[ Affected Systems ]

  • Cisco ASA 5500 Series Adaptive Security Appliance 7.0
  • cpe:/h:cisco:asa_5500:7.0 NVD Cisco ASA 5500 Series Adaptive Security Appliance 7.1
  • cpe:/h:cisco:asa_5500:7.1 NVD
  • Cisco ASA 5500 Series Adaptive Security Appliance 7.2
  • cpe:/h:cisco:5500_series_adaptive_security_appliance:7.2 NVD Cisco ASA 5500 Series Adaptive Security Appliance 8.0
  • cpe:/h:cisco:5500_series_adaptive_security_appliance:8.0 SYMC Cisco ASA 5500 Series Adaptive Security Appliance 8.1
  • cpe:/h:cisco:5500_series_adaptive_security_appliance:8.1 SYMC Cisco ASA 5500 Series Adaptive Security Appliance 8.2
  • cpe:/h:cisco:5500_series_adaptive_security_appliance:8.2 SYMC Cisco ASA 5500 Series Adaptive Security Appliance 8.3
  • cpe:/h:cisco:5500_series_adaptive_security_appliance:8.3 SYMC Cisco Firewall Services Module (FWSM) 3.1
  • cpe:/h:cisco:firewall_services_module:3.1 NVD Cisco Firewall Services Module (FWSM) 3.2
  • cpe:/h:cisco:firewall_services_module:3.2 NVD Cisco Firewall Services Module (FWSM) 4.0
  • cpe:/h:cisco:fwsm:4.0 SYMC Cisco Firewall Services Module (FWSM) 4.1 cpe:/h:cisco:fwsm:4.1 SYMC

[ Impact Analysis ]

An attacker can exploit this issue to cause a denial-of-service condition.

[ Solution/Workaround ]

Updates are available. Please see the references for details.

[ Reference ]

Advisory:Cisco Security Advisory: Cisco Firewall Services Module Skinny Client Control Pr (Cisco) Cisco

Advisory:Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adapt (Cisco) Cisco

< Prev   Next >