Cisco Firewall Services Module Multiple DoS and ACL Corruption Vulnerabilities
BID:26109
Info
Cisco Firewall Services Module Multiple DoS and ACL Corruption Vulnerabilities
| Bugtraq ID: | 26109 |
| Class: | Unknown |
| CVE: |
CVE-2007-5570 CVE-2007-5571 |
| Remote: | No |
| Local: | No |
| Published: | Oct 17 2007 12:00AM |
| Updated: | Nov 15 2007 12:39AM |
| Credit: | The vendor disclosed these issues. |
| Vulnerable: |
Cisco Firewall Services Module (FWSM) 3.2 (2) Cisco Firewall Services Module (FWSM) 3.1(6) Cisco Firewall Services Module (FWSM) 3.1(4) Cisco Firewall Services Module (FWSM) 3.1(3.24) Cisco Firewall Services Module (FWSM) 3.1(1.9) Cisco Firewall Services Module (FWSM) 3.1(1.7) Cisco Firewall Services Module (FWSM) 3.1 (3.3) Cisco Firewall Services Module (FWSM) 3.1 (3.2) Cisco Firewall Services Module (FWSM) 3.1 (3.18) Cisco Firewall Services Module (FWSM) 3.1 (3.11) Cisco Firewall Services Module (FWSM) 3.1 (3.1) Cisco Firewall Services Module (FWSM) 3.1 |
| Not Vulnerable: | |
Discussion
Cisco Firewall Services Module Multiple DoS and ACL Corruption Vulnerabilities
Cisco Firewall Services Module (FWSM) is prone to multiple denial-of-service vulnerabilities and a vulnerability that could let attackers corrupt ACLs (access control lists).
Three vulnerabilities were reported in total:
1. Specially crafted HTTPS may cause the FWSM to reload. If exploited repeatedly, this could cause a persistent denial of service.
2. Specially crafted MGCP packets may cause the FWSM to reload. If exploited repeatedly, this could cause a persistent denial of service.
3. Manipulating Access Control Entries (ACE) in the ACL via the command line or ASDM (Adaptive Security Device Manager) may inadvertently cause them to not be evaluated. This will corrupt ACLs.
Cisco Firewall Services Module (FWSM) is prone to multiple denial-of-service vulnerabilities and a vulnerability that could let attackers corrupt ACLs (access control lists).
Three vulnerabilities were reported in total:
1. Specially crafted HTTPS may cause the FWSM to reload. If exploited repeatedly, this could cause a persistent denial of service.
2. Specially crafted MGCP packets may cause the FWSM to reload. If exploited repeatedly, this could cause a persistent denial of service.
3. Manipulating Access Control Entries (ACE) in the ACL via the command line or ASDM (Adaptive Security Device Manager) may inadvertently cause them to not be evaluated. This will corrupt ACLs.
Exploit / POC
Cisco Firewall Services Module Multiple DoS and ACL Corruption Vulnerabilities
To exploit these issues, an attacker can use readily available network tools.
To exploit these issues, an attacker can use readily available network tools.
Solution / Fix
Cisco Firewall Services Module Multiple DoS and ACL Corruption Vulnerabilities
Solution:
The vendor has released an advisory and updates regarding these issues. Please see the references for details.
Solution:
The vendor has released an advisory and updates regarding these issues. Please see the references for details.
References
Cisco Firewall Services Module Multiple DoS and ACL Corruption Vulnerabilities
References:
References:
- Cisco Homepage (Cisco)
- Cisco Security Advisory: Multiple Vulnerabilities in FirewallServices Module (Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory cisco-sa-20071017-fwsm (Cisco)