Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.0923
Cisco ASA FirePOWER Services and Cisco ASA CX Services
Crafted Packets Denial of Service Vulnerability
10 April 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco ASA FirePOWER Services
Cisco ASA CX Services
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2015-0678
Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability
Advisory ID: cisco-sa-20150408-cxfp
Revision 1.0
For Public Release 2015 April 8 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the virtualization layer of the Cisco ASA FirePOWER Services and Cisco ASA Context Aware (CX) Services could allow an unauthenticated, remote attacker to cause the a reload of the affected system.
Cisco has released free software updates that address this vulnerability. The resolution includes upgrading the Cisco ASA FirePOWER Services Software or the Cisco ASA CX Services Software and the Cisco ASA Software. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp
Note: Cisco ASA Software is affected by several other vulnerabilities described in the Cisco Security Advisory Multiple Vulnerabilities in Cisco ASA Software, cisco-sa-20150408-asa.
Cisco ASA customers should review cisco-sa-20150408-asa before determining an upgrade release for Cisco ASA Software.
Cisco Security Advisory Multiple Vulnerabilities in Cisco ASA Software is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBVSVUHopI1I6i1Mx3AQIyoA/+LQvVAb1/gU23W7r0uLdiv9YyIHJsVWl1
FeiGbiXTkyXGXL5ear+If/7mFA6PMpvM49mYAM7KvlWs/xcJnTc1iiH7kmT4636e
LrlGBTRQDKCEMT2mscc2BJCdAbrpHc3VpCuJ+9DZ1rgOkafXOQxe5Y4+j7M7Rbit
gt0wbr0u3lDydoaqyuj9fzVup1JJXC5HeHp5S7RUbXS2KBMHgze5xdxxtshsu4/y
qgB/aE/QGIqkdEAIKtHFQ77t/EU/M1CQdoExGEG5LtCjqedkwgsXsBPLwEddaCv/
Jv7FRpaDhuOLxzi3n4LGsF+xKQDCI/0FGacZsUxi3XHznKoSwWeoAOxtpQZG9DF7
thyaTD0xa4Nw/5kaw+3yyVwyqigjuBhOWx83kf03P/MEO+x4FHEvEUHR6TLErkD0
E00KajL38Ci5DKZjQN3tb1IulbtmrMjGDmoFZiuCGhMiik1f7V1Q8Qi1wh2lVpek
D38XYQTblbGmpr5voiEgZPL7aw/0JShM3WjXaXy/Qerue4qru/oY/YRmB5QG35dc
4AbpRzDAFyZOX6IrLlHUPTfMNPr8K0xHZn1B8/7dmuALtm2D+AEYFUitDzjII1Kn
Z6Z9NM94PRexJ+S9DNDFxPVkgmmzlQdnRfBJzreb6K0IJFhpNjHKu+gCnKaanfjj
tN9ezCk4DH8=
=0yWw
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVScgNRLndAQH1ShLAQJSqBAAq7IpMm80OHpkiuFkLltJPDC4qKuZI+ED
zjdP7GQwdB3TZPNn8z8ND9NekSw4hLc9Vj66tuCyp7ykjPbwU8Vs577KOTJ4cj2y
nBbr0nUN5/yBNAFYfytSoFmNOO+vkJ7JbcTz0LFhqqfRIAG5I0dDrlitQN1NWu0s
4VsUGlqr3HP1+lZ6aMa29PFRj5H50NrbIgdtlEeaI7woiWOaBhAIJE/oK8y2ST0J
bmS4/u15sbwYNpd13i9qv6cMV4WLNPlCYR2QoqFjAgySb/yGGNKbcIGDy+QQP620
Ptlnc/PC5rfyJY/6VHoQV9Wb1+TR5egBmygDXlU+gZuZ6yqxdF8NzSbk0JwwLcbG
1ftwviytWvh+dKDfbn5DJdtcClSjYqT5BS6BYWJbeq4sTcu6FEKKn6aMO9YLPiDG
j3AKR2vfj6MHArz6Wnx6j1wI3bYrEtSU/DGxMF3Klhrg/+nRZY5mNaDhj7Pd6z5G
tUKLfclt6UPdsq81QVn6adb3FYyRQ9QLbSkm+Mo+CkIolGZJuDeoILd6C6D6drzi
ytHHBdHmpP8XNJ+rtuJdiC1g9tdA/hfbofl/eIViuCNEhKvOw1Waq8sMI1nqj8ug
tcvUwCE2iExqRfD+T543Bj1OZEeoD3lp+V9ReAswjtM217nGI4nlz/0RYbdlKIYP
QbrQiH0qYwo=
=sQ5+
-----END PGP SIGNATURE-----