Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Cisco ASA < 8.4(7.30) IKEv1 and IKEv2 UDP Packet Handling RCE (cisco-sa-20160210-asa-ike)

Critical

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The remote Cisco Adaptive Security Appliance (ASA) is missing a vendor-supplied security patch. It is, therefore, affected by a remote code execution vulnerability due to an overflow condition in the Internet Key Exchange (IKE) implementation. An unauthenticated, remote attacker can exploit this, via a specially crafted UDP packet, to cause a denial of service or the execution of arbitrary code. Note that only systems configured in routed firewall mode and single / multiple context mode are affected.

Solution

Upgrade to the relevant fixed version referenced in Cisco Security Advisory cisco-sa-20160210-asa-ike.