Cisco ASA 5500 Series Multiple Vulnerabilities (cisco-sa-20111005-asa)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote security device is missing a vendor-supplied security
patch.

Description :

The remote Cisco ASA is missing a security patch and may be affected
by the following issues :

- When MSN IM inspection is enabled, inspecting malformed
transit traffic could cause the device to reload.
(CVE-2011-3304)

- TACACS+ authentication can be bypassed by an attacker
with access between the ASA and the TACACS+ server.
(CVE-2011-3298)

- Four DoS vulnerabilities in the SunRPC inspection
engine can be triggered by specially crafted
UDP traffic, causing the device to reload.
(CVE-2011-3299, CVE-2011-3300, CVE-2011-3301, CVE-2011-3302)

- When ILS inspection is enabled, inspecting malformed
transit traffic could cause the device to reload,
resulting in a sustained DoS condition. (CVE-2011-3303)

See also :

http://www.nessus.org/u?9309dab6

Solution :

Apply the appropriate Cisco ASA patch (see plugin output).

Risk factor :

High / CVSS Base Score : 7.9
(CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.5
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true