Cisco ASA 5500 Series Multiple Vulnerabilities (cisco-sa-20110223-asa)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.

Synopsis :

The remote security device is missing a vendor-supplied security patch.

Description :

The remote Cisco ASA device is missing a security patch and may be
affected by the following issues :

- When configured for transparent firewall mode, a packet
buffer exhaustion vulnerability could cause the appliance
to stop forwarding traffic. (CVE-2011-0393)

- When SCCP inspection is enabled, a malformed SCCP
message could cause the appliance to reload.

- If both RIP and the Cisco Phone Proxy feature are enabled,
the appliance may reload when processing valid
RIP updates. (CVE-2011-0395)

- When the appliance is configured as a local CA server,
unauthorized users can obtain sensitive data without
providing authentication. (CVE-2011-0396)

See also :

Solution :

Apply the appropriate patch (see plugin output).

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 52586 ()

Bugtraq ID: 46518

CVE ID: CVE-2011-0393