MS-ISAC CYBERSECURITY ADVISORIES
MS-ISAC ADVISORY NUMBER:
Buffer Overflow Vulnerability in Cisco ASA Software Products Could Allow for Remote Code Execution
OVERVIEW:
A buffer overflow vulnerability has been discovered in Cisco ASA Adaptive Security Appliances. Successful exploitation could allow an unauthenticated user to take control of the affected system and perform unauthorized actions.
THREAT INTELLIGENCE:
This exploit has been publicly disclosed. There are currently no reports of this vulnerability being exploited in the wild.
SYSTEMS AFFECTED:
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA 5500-X Series Next-Generation Firewalls
Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Cisco ASA 1000V Cloud Firewall
Cisco Adaptive Security Virtual Appliance (ASAv)
Cisco Firepower 9300 ASA Security Module
Cisco ISA 3000 Industrial Security Appliance
RISK:
Large and medium government entities: High
Small government entities: High
Large and medium business entities: High
Small business entities: High
Home users: N/A
TECHNICAL SUMMARY:
Cisco ASA Software IKEv1 and IKEv2 are prone to a buffer overflow vulnerability that could allow an unauthenticated user to cause a reload of the affected system or to remotely execute code. The algorithm for reassembling Internet Key Exchange (IKE) payloads fragmented with the Cisco fragmentation protocol contains a bounds-checking flaw that allows a heap buffer to be overflowed with specially crafted UDP packets.
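As an added illustration of the class of flaw described above (this is not Cisco's code, not the actual IKE fragmentation format, and not the real defect), the simplified reassembler below uses a constructed 5-byte fragment header and shows the bounds check that keeps a fragment's declared offset and length from carrying memcpy past a fixed-size buffer.

```c
#include <stdint.h>
#include <string.h>
/* Constructed 5-byte fragment header for this example (not Cisco's wire format):
 * big-endian payload offset, big-endian payload length, last-fragment flag. */
#define FRAG_HDR_LEN 5
#define MAX_REASM    256            /* fixed-size reassembly buffer */
typedef struct {
    uint8_t buf[MAX_REASM];
    size_t  total;                  /* highest byte written so far */
    int     complete;               /* set once the last fragment arrives */
} reasm_ctx;

/* Returns 0 if the fragment is accepted, -1 if rejected. The line marked BOUNDS is
 * the check whose absence makes buf overflowable: without it a crafted offset or
 * length makes memcpy write past the buffer, the class of flaw the advisory describes. */
int reasm_add(reasm_ctx *ctx, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < FRAG_HDR_LEN) return -1;          /* truncated header */
    size_t off = ((size_t)pkt[0] << 8) | pkt[1];
    size_t len = ((size_t)pkt[2] << 8) | pkt[3];
    if (len != pkt_len - FRAG_HDR_LEN) return -1;   /* declared length must match wire */
    if (off + len > MAX_REASM) return -1;           /* BOUNDS: never write past buf */
    memcpy(ctx->buf + off, pkt + FRAG_HDR_LEN, len);
    if (off + len > ctx->total) ctx->total = off + len;
    if (pkt[4]) ctx->complete = 1;                  /* last-fragment flag */
    return 0;
}

/* Builds one fragment into out, which must hold FRAG_HDR_LEN + len bytes. */
size_t make_frag(uint8_t *out, uint16_t off, uint16_t len, int last, const uint8_t *payload)
{
    out[0] = off >> 8; out[1] = off & 0xff;
    out[2] = len >> 8; out[3] = len & 0xff;
    out[4] = (uint8_t)last;
    memcpy(out + FRAG_HDR_LEN, payload, len);
    return FRAG_HDR_LEN + len;
}

/* Feeds two benign fragments, then one whose offset+len runs past the buffer.
 * Returns 1 when the benign message reassembles and the crafted one is refused. */
int run_demo(void)
{
    reasm_ctx ctx; memset(&ctx, 0, sizeof ctx);
    uint8_t pkt[FRAG_HDR_LEN + 8];
    int ok = reasm_add(&ctx, pkt, make_frag(pkt, 0, 5, 0, (const uint8_t *)"hello")) == 0;
    ok &= reasm_add(&ctx, pkt, make_frag(pkt, 5, 5, 1, (const uint8_t *)"world")) == 0;
    ok &= ctx.complete && ctx.total == 10 && memcmp(ctx.buf, "helloworld", 10) == 0;
    ok &= reasm_add(&ctx, pkt, make_frag(pkt, MAX_REASM - 2, 4, 1, (const uint8_t *)"XXXX")) == -1;
    return ok;
}
```

The third fragment declares offset 254 with 4 bytes of payload, so without the BOUNDS line the copy would run two bytes past the end of buf; with it the fragment is simply dropped.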
RECOMMENDATIONS:
We recommend the following actions be taken:
Install updates provided by Cisco immediately after appropriate testing.
Verify that no unauthorized system modifications have occurred on the system before applying the patch.
Monitor intrusion detection systems for any signs of anomalous activity.
Unless required, limit external network access to affected products.