Cisco PIX And ASA Appliances MGCP And TLS Packets Denial Of Service Vulnerabilities
BID:26104
Info
Cisco PIX And ASA Appliances MGCP And TLS Packets Denial Of Service Vulnerabilities
| Bugtraq ID: | 26104 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-5568 CVE-2007-5569 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 17 2007 12:00AM |
| Updated: | Nov 05 2007 05:05PM |
| Credit: | The vendor reported these issues. |
| Vulnerable: |
Cisco PIX/ASA 7.0.4 .3 Cisco PIX/ASA 7.0.4 Cisco PIX/ASA 7.0.1 .4 Cisco PIX/ASA 7.0 Cisco PIX/ASA 8.0 Cisco PIX/ASA 7.2.(2.8) Cisco PIX/ASA 7.2.(2.7) Cisco PIX/ASA 7.2.(2.19) Cisco PIX/ASA 7.2.(2.17) Cisco PIX/ASA 7.2.(2.16) Cisco PIX/ASA 7.2(2.15) Cisco PIX/ASA 7.2(2.14) Cisco PIX/ASA 7.2(2.10) Cisco PIX/ASA 7.2(2) Cisco PIX/ASA 7.2(1.22) Cisco PIX/ASA 7.2(1) Cisco PIX/ASA 7.1.(2.49) Cisco PIX/ASA 7.1.(2.48) Cisco PIX/ASA 7.1(2.5) Cisco PIX/ASA 7.1(2.27) Cisco PIX/ASA 7.1(2) Cisco PIX/ASA 7.0(6.7) Cisco PIX/ASA 7.0(5.2) Cisco PIX/ASA 7.0(5) |
| Not Vulnerable: |
Cisco PIX/ASA 8.0(2) Cisco PIX/ASA 7.2(2.24) Cisco PIX/ASA 7.1 (2.55) Cisco PIX/ASA 7.0(6.33) |
Discussion
Cisco PIX And ASA Appliances MGCP And TLS Packets Denial Of Service Vulnerabilities
Cisco Adaptive Security Appliances (ASA) and Cisco PIX are prone to multiple remote denial-of-service vulnerabilities because the devices fail to handle specially crafted network packets.
An attacker can exploit these issues to cause the affected devices to reload, denying service to legitimate users. Repeat attacks will result in a prolonged denial-of-service condition.
Cisco Adaptive Security Appliances (ASA) and Cisco PIX are prone to multiple remote denial-of-service vulnerabilities because the devices fail to handle specially crafted network packets.
An attacker can exploit these issues to cause the affected devices to reload, denying service to legitimate users. Repeat attacks will result in a prolonged denial-of-service condition.
Exploit / POC
Cisco PIX And ASA Appliances MGCP And TLS Packets Denial Of Service Vulnerabilities
To exploit these issues, an attacker can use readily available network utilities.
To exploit these issues, an attacker can use readily available network utilities.
Solution / Fix
Cisco PIX And ASA Appliances MGCP And TLS Packets Denial Of Service Vulnerabilities
Solution:
The vendor released updates to address these issues. Please see the referenced advisory for more information.
Solution:
The vendor released updates to address these issues. Please see the referenced advisory for more information.
References
Cisco PIX And ASA Appliances MGCP And TLS Packets Denial Of Service Vulnerabilities
References:
References:
- Cisco Homepage (Cisco )
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX/ASA (Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliance (Cisco)