Cisco patches security appliance bugs

  • 18 May 2016
  • 1 reply
  • 161 views

Userlevel 7
Badge +54

ASA can be DoSsed by XML, VPN attacks

  18 May 2016 at 03:02, Richard Chirgwin It's Borg Bug Day, and this week Cisco's issued patches of interest to users of its Adaptive Security Appliances (ASAs).
The two newly-announced bugs are CVE-2016-1379, a VPN block memory exhaustion vulnerability; and CVE-2016-1385, a problem with the ASA XML parser.
 
The memory exhaustion vulnerability affects ASA software releases later than 9.0, and can be exploited remotely.
The software has a bug in how it handles ICMP errors in IPsec packets, and crafted packets sent either through LAN-to-LAN or remote access VPN tunnels can “deplete available memory”.
 
Full Article

1 reply

Userlevel 7
Hallelujah...and about time too...what took them so long. :(

Reply