Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances (cisco-sa-20100217-asa)

This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.


Synopsis :

The remote SSL VPN Server is vulnerable to various flaws

Description :

The remote host is a Cisco Adaptive Security Appliance (ASA). The
remote version of the software used on this appliance is affected by
the following security flaws :

- A TCP connection exhaustion denial of service
vulnerability. (CVE-2010-0149)

- Two Session Initiation Protocol (SIP) inspection denial
of service vulnerabilities. (CVE-2010-0150 and
CVE-2010-0569)

- A Skinny Client Control Protocol (SCCP) inspection
denial of service vulnerability. (CVE-2010-0151)

- A WebVPN Datagram Transport Layer Security (DTLS) denial
of service vulnerability. (CVE-2010-0565)

- A crafted TCP segment denial of service vulnerability.
(CVE-2010-0566)

- A crafted Internet Key Exchange (IKE) message denial of
service vulnerability. (CVE-2010-0567)

- An NT LAN Manager version 1 (NTLMv1) authentication
bypass vulnerability. (CVE-2010-0568)

An attacker could exploit these flaws to crash the remote device, or
to log into the remote VPN (when configured to use NTLMv1
authentication).

See also :

http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml

Solution :

Install the appropriate firmware upgrade as described in the vendor's
advisory.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true