Multiple vulnerabilities have been reported in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module (ASASM), which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
1) An error during memory allocation for an internal DHCP data structure when processing DHCP requests can be exploited to cause a device reload via a specially crafted transit or direct DHCP request.
Successful exploitation requires the DHCP relay or DHCP server feature to be enabled.
2) An error in the AAA (Authentication, Authorization, and Accounting) code when handling SSL VPN authentication can be exploited to cause a device reload via a specially crafted authentication challenge-response.
Successful exploitation requires Cisco ASA software configured for Clientless or AnyConnect SSL VPN.
3) An error within the SIP (Session Initiation Protocol) inspection engine can be exploited to cause a device reload via a specially crafted SIP media update packet.
Successful exploitation requires that SIP inspection is enabled.
4) Some vulnerabilities exist in the DCERPC inspection engine.
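The feature preconditions listed above can be checked against a device's saved running-config. The following is an added example, not part of the advisory or of any Cisco tooling. It assumes the usual ASA commands (`dhcpd enable`, `dhcprelay enable`, `enable <interface>` under global `webvpn`, `inspect sip`, `inspect dcerpc`), and for item 4 it assumes DCERPC inspection must be enabled, which the advisory does not state.

```python
import re

# Item numbers follow the advisory. The ASA commands matched here are this
# example's assumption about how each feature shows up in a running-config.
LABELS = {1: "DHCP relay or DHCP server", 2: "Clientless/AnyConnect SSL VPN",
          3: "SIP inspection", 4: "DCERPC inspection (precondition assumed)"}
PATTERNS = {1: re.compile(r"^(dhcpd|dhcprelay) enable \S+"),
            3: re.compile(r"^\s+inspect sip\b"),
            4: re.compile(r"^\s+inspect dcerpc\b")}

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
hostname edge-fw
dhcpd address 192.168.1.10-192.168.1.50 inside
dhcpd enable inside
!
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect sip
  inspect ftp
!
webvpn
 enable outside
group-policy Staff attributes
 webvpn
  url-list none
"""

def exposed_items(running_config):
    """Map advisory item number -> config lines that enable the feature."""
    hits, section = {}, ""
    for line in running_config.splitlines():
        line = line.rstrip()
        if not line or line.startswith("!"):
            continue
        if not line[0].isspace():
            section = line  # a top-level command opens a new section
        elif section == "webvpn" and re.match(r"\s+enable \S+", line):
            # 'enable <interface>' under global webvpn turns on SSL VPN
            hits.setdefault(2, []).append("webvpn: " + line.strip())
        for item, pattern in PATTERNS.items():
            if pattern.search(line):
                hits.setdefault(item, []).append(line.strip())
    return hits

if __name__ == "__main__":
    for item, lines in sorted(exposed_items(SAMPLE).items()):
        print(f"item {item} ({LABELS[item]}): {'; '.join(lines)}")
```

A device with no hits for an item does not meet that item's stated precondition; a hit means the software version still has to be compared against the vendor's fixed releases.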