[SingCERT] Software Vulnerability Discovered by CISCO in their ASA Software

Published on Thursday, 11 February 2016 17:00

[ Background ]

This vulnerability was discovered in the Cisco Adaptive Security Appliance (ASA) software. The Cisco ASA is an IP router which serves as an application-aware firewall, network antivirus, intrusion prevention system, and virtual private network (VPN) server. On 10 February 2016, CISCO published a security advisory to address this software vulnerability (CVE-2016-1287).

(Screenshot of Cisco Security Advisory)
Credit: Cisco (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike)

[ Description of Vulnerability ]

A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

[ Affected Products ]

Affected Cisco ASA Software running on the following products may be affected by this vulnerability:
  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Cisco ASA 1000V Cloud Firewall
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco Firepower 9300 ASA Security Module
  • Cisco ISA 3000 Industrial Security Appliance
[ Impact ]

The vulnerability is due to a buffer overflow in the affected code. An attacker could exploit this vulnerability by sending specially crafted UDP packets to the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.

[ Solution / Workaround ]

There is no workaround. Cisco has released software updates that address this vulnerability, all network administrators are advised to immediately patch their affected products to mitigate the security risks.

[ References ]