Cisco has patched a critical vulnerability in the Identity Firewall feature of Cisco ASA Software, which would allow a remote attacker to execute arbitrary code and obtain full control of the system (or cause a reload).
The vulnerability is due to a buffer overflow in the affected code area.
“An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software,” the company explained, but added that only traffic directed to the affected system can be used to exploit it.
Full Article