Cisco ASA 5500 Series Multiple Vulnerabilities (cisco-sa-20111005-asa)

high Nessus Plugin ID 56631

Synopsis

The remote security device is missing a vendor-supplied security patch.

Description

The remote Cisco ASA is missing a security patch and may be affected by the following issues :

- When MSN IM inspection is enabled, inspecting malformed transit traffic could cause the device to reload.
(CVE-2011-3304)

- TACACS+ authentication can be bypassed by an attacker with access between the ASA and the TACACS+ server.
(CVE-2011-3298)

- Four DoS vulnerabilities in the SunRPC inspection engine can be triggered by specially crafted UDP traffic, causing the device to reload.
(CVE-2011-3299, CVE-2011-3300, CVE-2011-3301, CVE-2011-3302)

- When ILS inspection is enabled, inspecting malformed transit traffic could cause the device to reload, resulting in a sustained DoS condition. (CVE-2011-3303)

Solution

Apply the appropriate Cisco ASA patch (see plugin output).

See Also

http://www.nessus.org/u?4d707431

Plugin Details

Severity: High

ID: 56631

File Name: cisco-sa-20111005-asa.nasl

Version: 1.7

Type: local

Family: CISCO

Published: 10/25/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 5.8

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/h:cisco:asa_5500, cpe:/a:cisco:adaptive_security_appliance_software

Required KB Items: Host/Cisco/ASA, Host/Cisco/ASA/model

Exploit Ease: No known exploits are available

Patch Publication Date: 10/5/2011

Vulnerability Publication Date: 10/5/2011

Reference Information

CVE: CVE-2011-3298, CVE-2011-3299, CVE-2011-3300, CVE-2011-3301, CVE-2011-3302, CVE-2011-3303, CVE-2011-3304

BID: 49951, 49952, 49956