Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.1244
Multiple vulnerabilities have been identified in Cisco
Adaptive Security Appliance
18 May 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Adaptive Security Appliance
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2016-1385 CVE-2016-1379
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-vpn
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml
Comment: This bulletin contains two (2) Cisco Systems security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Cisco Security Advisory
Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability
Medium
Advisory ID:
cisco-sa-20160517-asa-xml
Published:
2016 May 17 00:00 GMT
Version 1.0:
Final
CVSS Score:
Base - 6.8
Workarounds:
No workarounds available
Cisco Bug IDs:
CSCut14209
CVE-2016-1385
CWE-119
Summary
A vulnerability in XML parser code of Cisco Adaptive Security Appliance
Software could allow an authenticated, remote attacker to cause system
instability or a reload of the affected system.
The vulnerability is due to insufficient hardening of the XML
parser configuration. An attacker could exploit this vulnerability
in multiple ways by utilizing a malicious file. An attacker with
administrative privileges could exploit this by uploading a malicious
XML file on the system and trigger the XML code to parse the malicious
file. Additionally, an attacker with Clienteles SSL VPN access could
exploit this vulnerability by sending a crafted XML file. An exploit
would allow the attacker to crash the XML parser process, which could
cause system instability, memory exhaustion, and in some cases lead
to a reload of the affected system.
Cisco has released software updates that address this
vulnerability. Workarounds that address this vulnerability are not
available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml
Affected Products
If the attacker has administrative privileges, the exposure does not
depend on the actual configuration.
In the scenario where the attacker has access to a Clientless SSL VPN
session, Cisco Adaptive Security Appliance software is vulnerable if
the Clientless SSL VPN feature and File Access (also known as Browse
Networks) via Common Internet File System (CIFS) or FTP is allowed.
Vulnerable Products
All Cisco Adaptive Security Appliance releases are affected by this
vulnerability
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by this
vulnerability.
Workarounds
Workarounds are not available.
Fixed Software
When considering software upgrades, customers are advised to
consult the Cisco Security Advisories and Responses archive at
http://www.cisco.com/go/psirt and review subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and
software configurations will continue to be supported properly by the
new release. If the information is not clear, customers are advised to
contact the Cisco Technical Assistance Center (TAC) or their contracted
maintenance providers.
Customers should upgrade to an appropriate release as indicated in
the following table.
In the table, the left column lists major releases of Cisco ASA
Software. The right column indicates whether a major release is affected
by the vulnerability described in this advisory and the first release
that includes the fix for this vulnerability.
Cisco ASA Major Release First Fixed Release
Prior to 9.0 Affected. Migrate to 9.1(7.6) or later
9.0 Affected. Migrate to 9.1(7.6) or later
9.1 9.1(7.6)
9.2 9.2(4.8)
9.3 9.3(3.8)
9.4 9.4(2.6)
9.5 9.5(2.6)
9.6 Not affected
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware
of any public announcements or malicious use of the vulnerability that
is described in this advisory.
Source
This vulnerability was found during internal security tests.
URL
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml
Revision History
Version Description Section Status Date
1.0 Initial public release. - Final 2016-May-17
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY
OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE
DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO
RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits
the distribution URL is an uncontrolled copy and may lack important
information or contain factual errors. The information in this document
is intended for end users of Cisco products.
- -------------------------------------------------------------------------------
Cisco Security Advisory
Cisco Adaptive Security Appliance VPN Memory Block Exhaustion Vulnerability
Medium
Advisory ID:
cisco-sa-20160517-asa-vpn
Published:
2016 May 17 14:00 GMT
Version 1.0:
Final
CVSS Score:
Base - 6.3
Workarounds:
No workarounds available
Cisco Bug IDs:
CSCuv70576
CVE-2016-1379
CWE-399
Summary
A vulnerability in the IPsec code of Cisco Adaptive Security Appliance
(ASA) Software could allow an authenticated, remote attacker to cause
the depletion of a memory block, which may cause the system to stop
forwarding traffic and result in a denial of service (DoS) condition.
The vulnerability is due to an error in the implementation of ICMP error
handling for IPsec packets. An attacker could exploit this vulnerability
by sending crafted packets through an established LAN-to-LAN or Remote
Access VPN tunnel. A successful exploit could allow the attacker to
deplete available memory and cause system instability or cause the
system to stop forwarding traffic.
Cisco has released software updates that address this
vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-vpn
Affected Products
Cisco ASA Software is affected by this vulnerability if the system is
configured for Internet Key Exchange Version 1 (IKEv1) or Internet Key
Exchange Version 2 (IKEv2) LAN-to-LAN VPN or IKEv1 or IKEv2 Remote
Access VPN with Layer 2 Tunneling Protocol and IPsec (L2TP-IPsec),
and the set validate-icmp-errors command is configured in the crypto
map. The set validate-icmp-errors command is not configured by default.
To determine whether the set validate-icmp-errors command is configured,
administrators can issue the show run | set validate-icmp-errors
command and verify that the command returns output.
Cisco ASA Software that is configured for Clientless VPN or AnyConnect
SSL VPN is not affected by this vulnerability.
Vulnerable Products
Cisco ASA Software releases 9.0 and later are affected by this
vulnerability.
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by this
vulnerability.
Workarounds
There are no workarounds that address this vulnerability.
Fixed Software
When considering software upgrades, customers are advised to
consult the Cisco Security Advisories and Responses archive at
http://www.cisco.com/go/psirt and review subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to upgrade
contain sufficient memory and confirm that current hardware and
software configurations will continue to be supported properly by the
new release. If the information is not clear, customers are advised to
contact the Cisco Technical Assistance Center (TAC) or their contracted
maintenance providers.
Customers should upgrade to an appropriate release as indicated in the
following table. In the table, the left column lists major releases of
Cisco ASA Software. The right column indicates whether a major release
is affected by the vulnerability described in this advisory and the
first release that includes the fix for this vulnerability.
Cisco ASA Major Release First Fixed Release
Prior to 9.0 Not affected
9.0 9.0(4.39)
9.1 9.1(6.9)
9.2 9.2(4.1)
9.3 9.3(3.9)
9.4 9.4(2)
9.5 9.5(1.4)
9.6 Not affected
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware
of any public announcements or malicious use of the vulnerability that
is described in this advisory.
Source
This vulnerability was found during the resolution of support cases.
URL
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-vpn
Revision History
Version Description Section Status Date
1.0 Initial public release. - Final 2016-May-17
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVzvCNX6ZAP0PgtI9AQLOChAAirjzwAvDzafRT753S0X3p0ZUpUWtS91c
o+pSxM6TyLfk4Sgoi3ePqmMrm+QLB9pU1jMEZs5MgiFvTaYO/3BGd1JRYDzpnXwl
msS4ZnYA6lWnht6QmHjvz3FBoH0bDGCwu2+rcjwin7IPYukJX8Y84JMdLxO/j5KP
tb8x3Oqvz+D00vEJqTEEpa0pvrMPYUSn7SMIorq/muxtOBrOU+JEX4bLOnRLppkW
RGKzQsFp7lsAkS83F20gKGQWtDyIQe9YqAkH9T2oPsgwIMQlM2X3/2afPAi4Hy7x
yzt7lC53eIPrcmpcam6sZAJcTOi5hjRnpjO7Z8UBe/7RQq+Y9AE8atuEVxyXM/nZ
3yD+6AiuXcaRaiu5u/qXfbYXVvCrm+XfyPzwzufGo/mtJCh7CtdQ91U23jlIsDzj
uPEKe5rVvvyQR+Ll9hDDbAOw7rVrh0J9s9wVghzGzW+PK7u7SeP6ScQOnsj3DMt6
SEyuFicrZPbOYKVMxZba6hvXGJhDtcJMdwcR+KgiZg2UOiki75Whoti8jCEyy19H
kUkLms8vXGZr5oHX7uWCTqXLtLLfm8ef/xzxkXdeDreb0LkgISm/7RGaURvJd9vz
8lvqcBs+CF6FlteyThIU2VIj5GvJePcYNR25k6b2sPd+J7YGSxbljuXf9RmQJCVP
nO2TcvfMb6w=
=RB3w
-----END PGP SIGNATURE-----