ASA can be DoSsed by XML, VPN attacks
18 May 2016 at 03:02, Richard Chirgwin
It's Borg Bug Day, and this week Cisco's issued patches of interest to users of its Adaptive Security Appliances (ASAs).
The two newly-announced bugs are CVE-2016-1379, a VPN block memory exhaustion vulnerability; and CVE-2016-1385, a problem with the ASA XML parser.
The memory exhaustion vulnerability affects ASA software releases later than 9.0, and can be exploited remotely.
The software has a bug in how it handles ICMP errors in IPsec packets, and crafted packets sent either through LAN-to-LAN or remote access VPN tunnels can “deplete available memory”.